by webb 2406 days ago
I agree that appropriate configuration/policy management is part of the solution for preventing these attacks on Kubernetes, but our view is that monitoring also plays an important role.

I should've said "limited in usefulness for detecting moderately-clever attackers" rather than just flat-out "useless". Monitoring is obviously a useful tool regardless of whether it will always help you detect attackers in your network. You could use nf_conntrack on the host as well but that could also be bypassed by a root process on the host.