{"id":41379,"date":"2019-02-28T20:53:40","date_gmt":"2019-02-28T17:53:40","guid":{"rendered":"https:\/\/www.altoros.com\/blog\/?p=41379"},"modified":"2024-08-24T04:32:35","modified_gmt":"2024-08-24T01:32:35","slug":"rule-driven-automation-on-kubernetes-with-autopilot-monitoring","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/rule-driven-automation-on-kubernetes-with-autopilot-monitoring\/","title":{"rendered":"Rule-Driven Automation on Kubernetes with Autopilot Monitoring"},"content":{"rendered":"<h3><span class=\"ez-toc-section\" id=\"Common_Kubernetes_security_issues\"><\/span>Common Kubernetes security issues<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When running applications on Kubernetes, there are some common security problems that can be frequently missed. One of these mistakes involves running pods on a host volume. 
When this happens, data is left behind on the host machine even after the pod is terminated, leaving it vulnerable. Another issue is identifying whether or not a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Rogue_security_software\" rel=\"noopener noreferrer\" target=\"_blank\">rogue container<\/a> located on the host is accessing volumes attached to the host. These are just a few of the problems that can cause data vulnerability in Kubernetes.<\/p>\n<p>While there are some security precautions available in Kubernetes, such as enabling role-based access control (RBAC) and encrypting <a href=\"https:\/\/www.altoros.com\/blog\/enabling-persistent-storage-for-docker-and-kubernetes-on-oracle-cloud\/\">persistent volumes<\/a>, there are still limitations. RBAC, for instance, can&#8217;t manage access to components that are not under the control of Kubernetes. Additionally, there are a few more loopholes that are difficult to secure:<\/p>\n<ul>\n<li style=\"margin-bottom: 6px;\">A pod may fail to terminate successfully while still holding a reference to the volume, causing software failure.<\/li>\n<li style=\"margin-bottom: 6px;\">Leftover host mounts can be vulnerable and accessed by pods or malicious containers.<\/li>\n<li>Rogue containers bound to the host can access all the attached and mounted persistent volumes.<\/li>\n<\/ul>\n<p>At a <a href=\"https:\/\/www.meetup.com\/Silicon-Valley-Cloud-Native-and-Kubernetes-Meetup\/events\/257399970\/\" rel=\"noopener noreferrer\" target=\"_blank\">Kubernetes meetup<\/a> in Santa Clara, <a href=\"https:\/\/www.linkedin.com\/in\/gouthamrao\/\" rel=\"noopener noreferrer\" target=\"_blank\">Gou Rao<\/a> and <a href=\"https:\/\/www.linkedin.com\/in\/aditya-dani-91014b30\/\" rel=\"noopener noreferrer\" target=\"_blank\">Aditya Dani<\/a> of Portworx discussed how some of these security loopholes can be automatically patched using an open-source solution called <a href=\"https:\/\/github.com\/libopenstorage\/autopilot\" rel=\"noopener 
noreferrer\" target=\"_blank\">Autopilot<\/a>.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-Gao-Rou-Portworx.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-Gao-Rou-Portworx.jpg\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41388\" \/><\/a><small>Gou Rao, CTO and co-founder of Portworx<\/small><\/center><\/p>\n<blockquote><p><em>&#8220;When I&#8217;m accessing my e-mail at Gmail, I really don&#8217;t know what server it&#8217;s running on. I&#8217;m just going to assume that things are safe. The same thing applies here. When I&#8217;m running my database container in a 100-node Kubernetes cluster, I don&#8217;t know which machine it&#8217;s running on. I shouldn&#8217;t have to care whether that data is going to be accessed by somebody else or if it&#8217;s safe.&#8221; \u2014Gou Rao, Portworx<\/em><\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"What_is_Autopilot\"><\/span>What is Autopilot?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/autopilot-logo-v2.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/autopilot-logo-v2-160x300.png\" alt=\"\" width=\"80\" class=\"alignright size-medium wp-image-41437\" \/><\/a><\/p>\n<p><a href=\"https:\/\/github.com\/libopenstorage\/autopilot\" rel=\"noopener noreferrer\" target=\"_blank\">Autopilot<\/a> is a rule-based analytical engine that uses a monitor-and-react model. The solution takes its input from various metrics, logs, and tracers of stateful applications such as Postgres, Cassandra, and Redis. From this input, Autopilot can perform certain actions in accordance with a set of conditions. 
Both input rules and outcome actions are based on well-defined Kubernetes <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/extend-kubernetes\/api-extension\/custom-resources\/#customresourcedefinitions\" rel=\"noopener noreferrer\" target=\"_blank\">CustomResourceDefinitions<\/a> (CRD).<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-overview-v3.gif\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-overview-v3.gif\" alt=\"\" width=\"640\" height=\"360\" class=\"aligncenter size-full wp-image-41428\" \/><\/a><small>Autopilot workflow (<a href=\"https:\/\/github.com\/libopenstorage\/autopilot\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<blockquote><p><em>&#8220;It&#8217;s basically a policy-based engine that&#8217;s looking out for the administrator&#8217;s back. If an application&#8217;s running rogue, if there&#8217;s a security violation, or if there&#8217;s a performance issue, its job is to step in and either raise a red flag or take action on it.&#8221; \u2014Gou Rao, Portworx<\/em><\/p><\/blockquote>\n<p>Some of the actions Autopilot can perform include:<\/p>\n<ul>\n<li>Automatic persistent volume <strong>updates<\/strong> and <strong>relocation<\/strong><\/li>\n<li style=\"margin-bottom: 6px;\">Automatic <strong>scaling<\/strong> of a volume by increasing or decreasing input\/output operations per second<\/li>\n<\/ul>\n<p>According to the Portworx team:<\/p>\n<ul>\n<li style=\"margin-bottom: 6px;\">Performance of an application and its containers at the required levels is ensured via <strong>monitoring<\/strong>.<\/li>\n<li style=\"margin-bottom: 6px;\">High availability is achieved through <strong>redundancy<\/strong>.<\/li>\n<li>Pod <strong>scaling<\/strong> and application-level <strong>rebalancing<\/strong> are supported 
out-of-the-box.<\/li>\n<\/ul>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-Aditya-Dani-Portworx.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-Aditya-Dani-Portworx.jpg\" width=\"640\" class=\"aligncenter size-full wp-image-41403\" \/><\/a><small>Aditya Dani, software developer at Portworx<\/small><\/center><\/p>\n<blockquote><p><em>&#8220;You define an application-level policy, which is given as input to the Autopilot inference engine. The other input are metrics, logs, and tracers. It also talks to Kubernetes, then it does correlations based on the input and the timelines. Based on the conditions that have been defined in the policy, it&#8217;s going to perform an action. The action can be specific to an application or it can be a generic action.&#8221; \u2014Aditya Dani, Portworx<\/em><\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Detecting_breadcrumbs_with_Autopilot\"><\/span>Detecting breadcrumbs with Autopilot<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To get a better understanding of Autopilot, the Portworx team referred to a common security problem in Kubernetes, which is <em>detecting breadcrumbs<\/em> (the data an application leaves on a node) and stopping rogue containers which try to access it.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-detecting-breadcrumbs.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-detecting-breadcrumbs.png\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41426\" \/><\/a><small>Detecting breadcrumbs with Autopilot (<a href=\"https:\/\/www.slideshare.net\/CloudNativeOpenInfra\/autopilot-securing-cloud-native-storage\" rel=\"noopener noreferrer\" target=\"_blank\">Image 
credit<\/a>)<\/small><\/center><\/p>\n<p>In their example, the speakers utilized and monitored cAdvisor, which provides metrics for resource usage and performance characteristics of running containers.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-cAdvisor-metrics.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-cAdvisor-metrics.png\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41398\" \/><\/a><small>An example of a metric from cAdvisor (<a href=\"https:\/\/www.slideshare.net\/CloudNativeOpenInfra\/autopilot-securing-cloud-native-storage\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>In order to use the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">container_fs_read_bytes_total<\/code> metric from cAdvisor, a Postgres volume security policy is defined. Under this policy, containers which aren&#8217;t part of the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">\/kubepods<\/code> Kubernetes cgroup are stopped if they try to access the breadcrumbs.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-storage-policy-crd.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-Autopilot-storage-policy-crd.png\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41400\" \/><\/a><small>An example of a storage policy CRD (<a href=\"https:\/\/www.slideshare.net\/CloudNativeOpenInfra\/autopilot-securing-cloud-native-storage\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<blockquote><p><em>&#8220;This is extensive. You can define your own actions and your own conditions. 
You can also define your own application-level specific policies.&#8221; \u2014Aditya Dani, Portworx<\/em><\/p><\/blockquote>\n<p>Through the use of Kubernetes CRDs, the input and output policies of Autopilot can be heavily customized to meet different security and storage requirements. While the example presented here is about <em>volume security<\/em>, Autopilot can also be used to monitor and automate applications, as well as <em>volume health<\/em>. More examples and Autopilot&#8217;s development can be tracked in <a href=\"https:\/\/github.com\/libopenstorage\/autopilot\" rel=\"noopener noreferrer\" target=\"_blank\">the project&#8217;s GitHub repo<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Want_details_Watch_the_video\"><\/span>Want details? Watch the video!<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div class=\"video-block\">\n<div class=\"video-block-wrap\">\n        <script charset=\"ISO-8859-1\" src=\"\/\/fast.wistia.com\/assets\/external\/E-v1.js\" async><\/script><\/p>\n<div class=\"wistia_embed wistia_async_de2glqmbf5\" style=\"height:320px;width:440px\"><\/div>\n<\/p><\/div>\n<div class=\"video-block-descr\">\n        <strong>Table of contents<\/strong><\/p>\n<ol>\n<li>What is Portworx? (<a href=\"#wistia_de2glqmbf5?time=29\">00&#8217;29&#8221;<\/a>)<\/li>\n<li>Common security problems in Kubernetes (<a href=\"#wistia_de2glqmbf5?time=415\">6&#8217;55&#8221;<\/a>)<\/li>\n<li>What is the Autopilot engine? (<a href=\"#wistia_de2glqmbf5?time=785\">13&#8217;05&#8221;<\/a>)<\/li>\n<li>How does Autopilot work? (<a href=\"#wistia_de2glqmbf5?time=1000\">16&#8217;40&#8221;<\/a>)<\/li>\n<li>Detecting breadcrumbs with Autopilot (<a href=\"#wistia_de2glqmbf5?time=1098\">18&#8217;18&#8221;<\/a>)<\/li>\n<li>How is a storage policy defined? 
(<a href=\"#wistia_de2glqmbf5?time=1270\">21&#8217;10&#8221;<\/a>)<\/li>\n<li>Demo: Autopilot in action (<a href=\"#wistia_de2glqmbf5?time=1365\">22&#8217;45&#8221;<\/a>)<\/li>\n<li>Questions and answers (<a href=\"#wistia_de2glqmbf5?time=1965\">32&#8217;45&#8221;<\/a>)<\/li>\n<\/ol><\/div>\n<\/div>\n<p>&nbsp;<br \/>\n<small>These are the slides presented.<\/small><\/p>\n<p><center><iframe loading=\"lazy\" src=\"\/\/www.slideshare.net\/slideshow\/embed_code\/key\/xH0CTXilrp3Tbl\" width=\"595\" height=\"485\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;\" allowfullscreen> <\/iframe><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\">Tips for Implementing Shift-Left Security on Kubernetes<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/\">Improving Security for Kubernetes Deployments at Scale<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/integrating-calico-and-istio-to-secure-zero-trust-networks-on-kubernetes\/\">Integrating Calico and Istio to Secure Zero-Trust Networks on Kubernetes<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"About_the_experts\"><\/span>About the experts<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>\n<div style=\"float: right;\"><a href=\"https:\/\/www.linkedin.com\/in\/gouthamrao\/\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Gou-Rou-bio.png\" alt=\"\" width=\"120\" class=\"aligncenter size-full wp-image-41409\" \/><\/a><\/div>\n<div style=\"width: 600px;\"><small><a href=\"https:\/\/www.linkedin.com\/in\/gouthamrao\/\" rel=\"noopener 
noreferrer\" target=\"_blank\">Gou Rao<\/a> is CTO and Co-founder of Portworx, leading the company\u2019s technology, market, and solution execution strategy. Previously, he served as CTO of Data Protection at Dell, in charge of the technical direction, strategy, and architecture. Gou joined Dell through the acquisition of Ocarina Networks, where he was Co-founder, CTO, and Chief Architect. Gou was also CTO and Co-founder of Net 6 (acquired by Citrix), where he invented Hybrid VPN.<\/small><\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<div>\n<div style=\"float: right;\"><a href=\"https:\/\/www.linkedin.com\/in\/aditya-dani-91014b30\/\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Aditya-Dani-bio.png\" alt=\"\" width=\"120\" class=\"aligncenter size-full wp-image-41408\" \/><\/a><\/div>\n<div style=\"width: 600px;\"><small><a href=\"https:\/\/www.linkedin.com\/in\/aditya-dani-91014b30\/\" rel=\"noopener noreferrer\" target=\"_blank\">Aditya Dani<\/a> is a member of technical staff at Portworx with 5+ years of experience in building distributed control-plane solutions. He has written the Kubernetes in-tree storage plugin for Portworx. Recently, Aditya has been working on Portworx&#8217;s distributed control plane, including the integration efforts with Kubernetes and different schedulers. Prior to that, he was a software development engineer at Amazon Music.<\/small><\/div>\n<\/div>\n<hr\/>\n<p><center><small>The post is written by Carlo Gutierrez, edited by <a href=\"https:\/\/www.altoros.com\/blog\/author\/sophie.turol\/\">Sophia Turol<\/a> and <a href=\"https:\/\/www.altoros.com\/blog\/author\/alex\/\">Alex Khizhniak<\/a>.<\/small><\/center><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Common Kubernetes security issues<\/p>\n<p>When running applications on Kubernetes, there are some common security problems that can be frequently missed. One of these mistakes involves running pods on a host volume. 
When this happens, data is left behind in the host machine even after the pod is terminated, leaving it vulnerable. [&#8230;]<\/p>\n","protected":false},"author":32,"featured_media":41430,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[214],"tags":[873,912],"class_list":["post-41379","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-cloud-native","tag-kubernetes"],"acf":[]}