Unexpected Traffic on Port 3389 from Fluent Bit Pod in AWS VPC

[badmanabak]

Hello Fluent Bit Community,
We have observed that a Fluent Bit pod in our AWS VPC is generating traffic on port 3389, which is typically associated with Remote Desktop Protocol (RDP). This is unexpected behaviour as Fluent Bit should not be using this port.

Steps Taken:

1. Checked the pod configuration to ensure it is not explicitly set to use port 3389.
2. Reviewed the logs of the Fluent Bit pod but found no relevant information.
3. Analyzed AWS VPC Flow Logs to identify the source of the traffic.
   Despite these efforts, we are unable to determine why the Fluent Bit pod is generating traffic on port 3389. We need assistance in identifying the root cause and resolving this issue.

Request:
• Guidance on how to further diagnose this issue.
• Any known issues or configurations that might cause Fluent Bit to use port 3389.
• Recommendations for resolving this unexpected behaviour.

[edsiper]

• which image are you running and where you get it from?
• share your config map

[badmanabak]

Container image from Docker Hub: fluent/fluent-bit:3.0.6
Helm Chart from https://fluent.github.io/helm-charts fluent-bit:0.46.7

hereby attached ConfigMap

Fluent-bit-ConfigMap.txt