Explore incident response challenges within Kubernetes environments through this 40-minute conference talk that delves into three critical compromise indicators: elevated API throughput, suspicious ingress payloads, and pod communications with known malicious IPs. Learn essential techniques for API logging, network monitoring, and pod security preparation while understanding the complexities introduced by network overlays and service meshes like Istio. Gain valuable insights into observability challenges, including the limitations of VPC flow logs and traditional monitoring approaches in Kubernetes clusters. Discover practical strategies for maintaining security visibility and implementing effective incident response measures, making this session valuable for both experienced Kubernetes practitioners and newcomers to container orchestration security.