[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown)
3. [Container Security](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security?ts=markdown)
4. [What Is Container Orchestration?](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration?ts=markdown)  
   Table of Contents

* [What Is Container Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security?ts=markdown)
  * [Container Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#container-security?ts=markdown)
  * [Understanding the Attack Surface](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#attack-surface?ts=markdown)
  * [How to Secure Containers](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#secure-containers?ts=markdown)
  * [Container Security Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#solutions?ts=markdown)
  * [Container Security FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security#faq?ts=markdown)
* [Managing Permissions with Kubernetes RBAC](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac?ts=markdown)
  * [Kubernetes RBAC Defined](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac#kubernetes?ts=markdown)
  * [Why Is RBAC Important for Kubernetes Security?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac#important?ts=markdown)
  * [RBAC Roles and Permissions in Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac#roles?ts=markdown)
  * [How Kubernetes RBAC Works](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac#how?ts=markdown)
  * [The Role of RBAC in Kubernetes Authorization](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac#authorization?ts=markdown)
  * [Common RBAC Permissions Risks and Vulnerabilities](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac#common?ts=markdown)
  * [Kubernetes RBAC Best Practices and Recommendations](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac#best?ts=markdown)
  * [Kubernetes and RBAC FAQ](https://www.paloaltonetworks.com/cyberpedia/kubernetes-rbac#faqs?ts=markdown)
* [Kubernetes: How to Implement AI-Powered Security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-ai-security?ts=markdown)
  * [Common Threats to Kubernetes Clusters](https://www.paloaltonetworks.com/cyberpedia/kubernetes-ai-security#common?ts=markdown)
  * [How Is AI Used to Enhance Kubernetes Security?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-ai-security#how?ts=markdown)
  * [How Do You Implement AI-Powered Security in Kubernetes?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-ai-security#do?ts=markdown)
  * [What Are the Best Types of AI-Powered Tools for Kubernetes Security?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-ai-security#what?ts=markdown)
  * [Kubernetes and AI-Powered Security FAQs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-ai-security#faqs?ts=markdown)
* [What Is Container Runtime Security?](https://www.paloaltonetworks.com/cyberpedia/runtime-security?ts=markdown)
  * [Container Runtime Security for Modern Applications](https://www.paloaltonetworks.com/cyberpedia/runtime-security#runtime-security?ts=markdown)
  * [Models and Rules: Understanding Container Runtime Security](https://www.paloaltonetworks.com/cyberpedia/runtime-security#models?ts=markdown)
  * [Components of Container Runtime Security](https://www.paloaltonetworks.com/cyberpedia/runtime-security#components?ts=markdown)
  * [Best Practices for Optimal Runtime Security](https://www.paloaltonetworks.com/cyberpedia/runtime-security#best-practices?ts=markdown)
  * [At-a Glance Runtime Security Checklist](https://www.paloaltonetworks.com/cyberpedia/runtime-security#checklist?ts=markdown)
  * [Runtime Security FAQs](https://www.paloaltonetworks.com/cyberpedia/runtime-security#faq?ts=markdown)
* [What Is Kubernetes Security?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security?ts=markdown)
  * [Kubernetes Security Explained](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security#kubernetes?ts=markdown)
  * [The Importance of Kubernetes Security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security#importance?ts=markdown)
  * [Application Security in Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security#application?ts=markdown)
  * [7 Common Kubernetes Security Mistakes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security#mistakes?ts=markdown)
  * [Kubernetes Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security#practices?ts=markdown)
  * [Kubernetes Security FAQs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security#faqs?ts=markdown)
* [Multicloud Management with Al and Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management?ts=markdown)
  * [Multicloud Kubernetes Defined](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management#multicloud?ts=markdown)
  * [How Does Kubernetes Facilitate Multicloud Management?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management#how?ts=markdown)
  * [Multicloud Management Using AI and Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management#kubernetes?ts=markdown)
  * [Key AI and Kubernetes Capabilities](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management#key?ts=markdown)
  * [Strategic Planning for Multicloud Management](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management#strategic?ts=markdown)
  * [Steps to Manage Multiple Cloud Environments with AI and Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management#steps?ts=markdown)
  * [Multicloud Management Challenges](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management#challenges?ts=markdown)
  * [Kubernetes Multicloud Management with AI FAQs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-multicloud-management#faqs?ts=markdown)
* [What Is Kubernetes?](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes?ts=markdown)
  * [Kubernetes Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#kubernetes?ts=markdown)
  * [Kubernetes Architecture](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#architecture?ts=markdown)
  * [Nodes: The Foundation](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#nodes?ts=markdown)
  * [Clusters](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#clusters?ts=markdown)
  * [Pods: The Basic Units of Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#pods?ts=markdown)
  * [Kubelet](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#kubelet?ts=markdown)
  * [Services: Networking in Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#services?ts=markdown)
  * [Volumes: Handling Persistent Storage](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#volumes?ts=markdown)
  * [Deployments in Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#deployments?ts=markdown)
  * [Kubernetes Automation and Capabilities](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#capabilities?ts=markdown)
  * [Benefits of Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#benefits?ts=markdown)
  * [Kubernetes Vs. Docker](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#compare?ts=markdown)
  * [Kubernetes FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes#faq?ts=markdown)
* [What Is Kubernetes Security Posture Management (KSPM)?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm?ts=markdown)
  * [Kubernetes Security Posture Management Explained](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#kspm?ts=markdown)
  * [What Is the Importance of KSPM?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#importance?ts=markdown)
  * [KSPM \& the Four Cs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#kspm-cs?ts=markdown)
  * [Vulnerabilities Addressed with Kubernetes Security Posture Management](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#vulnerabilities?ts=markdown)
  * [How Does Kubernetes Security Posture Management Work?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#how?ts=markdown)
  * [What Are the Key Components and Functions of an Effective KSPM Solution?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#components?ts=markdown)
  * [KSPM Vs. CSPM](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#vs?ts=markdown)
  * [Best Practices for KSPM](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#best-practices?ts=markdown)
  * [KSPM Use Cases](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#use-cases?ts=markdown)
  * [Kubernetes Security Posture Management (KSPM) FAQs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security-posture-management-kspm#faq?ts=markdown)
* [What Is Orchestration Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security?ts=markdown)
  * [Orchestration Security Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security#orchestration-security?ts=markdown)
  * [Securing the Build Layer](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security#build-layer?ts=markdown)
  * [Orchestration Access Security](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security#access-security?ts=markdown)
  * [At-a-Glance Container Orchestration Security Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security#checklist?ts=markdown)
  * [Container Orchestration FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security#faq?ts=markdown)
* What Is Container Orchestration?
  * [Container Orchestration Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#container-orchestration?ts=markdown)
  * [Orchestration Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#tools?ts=markdown)
  * [Key Components of Orchestrators](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#components?ts=markdown)
  * [Container Orchestration and the Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#pipeline?ts=markdown)
  * [Benefits of Container Orchestration](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#benefits?ts=markdown)
  * [The Container Ecosystem](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#ecosystem?ts=markdown)
  * [Container Orchestration FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#faq?ts=markdown)
* [How to Secure Kubernetes Secrets and Sensitive Data](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets?ts=markdown)
  * [Kubernetes Secrets Explained](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#kubernetes?ts=markdown)
  * [Importance of Securing Kubernetes Secrets](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#importance?ts=markdown)
  * [How Kubernetes Secrets Work](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#kubernetes-secrets?ts=markdown)
  * [How Do You Store Sensitive Data in Kubernetes?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#sensitive-data?ts=markdown)
  * [How Do You Secure Secrets in Kubernetes?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#secure-secrets?ts=markdown)
  * [Challenges in Securing Kubernetes Secrets](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#challenges?ts=markdown)
  * [What Are the Best Practices to Make Kubernetes Secrets More Secure?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#best-practices?ts=markdown)
  * [What Tools Are Available to Secure Secrets in Kubernetes?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#tools?ts=markdown)
  * [Kubernetes Secrets FAQ](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets#faq?ts=markdown)
* [Kubernetes and Infrastructure as Code](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code?ts=markdown)
  * [Infrastructure as Code in the Kubernetes Environment](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#kubernetes-environment?ts=markdown)
  * [Understanding IaC](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#iac?ts=markdown)
  * [IaC Security Is Key](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#iac-security?ts=markdown)
  * [Kubernetes Host Infrastructure Security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#host-infrastructure-security?ts=markdown)
  * [IAM Security for Kubernetes Clusters](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#iam-security?ts=markdown)
  * [Container Registry and IaC Security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#container-registry?ts=markdown)
  * [Avoid Pulling "Latest" Container Images](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#container-images?ts=markdown)
  * [Avoid Privileged Containers and Escalation](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#privileged-containers?ts=markdown)
  * [Isolate Pods at the Network Level](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#isolate-pods?ts=markdown)
  * [Encrypt Internal Traffic](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#encrypt?ts=markdown)
  * [Specifying Resource Limits](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#resource-limits?ts=markdown)
  * [Avoiding the Default Namespace](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#namespace?ts=markdown)
  * [Enable Audit Logging](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#audit-logging?ts=markdown)
  * [Securing Open-Source Kubernetes Components](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#kubernetes-components?ts=markdown)
  * [Kubernetes Security Across the DevOps Lifecycle](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#devops-lifecycle?ts=markdown)
  * [Kubernetes and Infrastructure as Code FAQs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-infrastructure-as-code#faq?ts=markdown)
* [What Is the Difference Between Dockers and Kubernetes?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker?ts=markdown)
  * [Docker Defined](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#defined?ts=markdown)
  * [Kubernetes Explained](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#explained?ts=markdown)
  * [Docker and Kubernetes: Comparison of Containerization Platforms](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#platforms?ts=markdown)
  * [Kubernetes Vs. Docker: Complementary, Not Competitors](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#competitors?ts=markdown)
  * [Benefits of Integrating Docker and Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#benefits?ts=markdown)
  * [Use Cases and Applications for Docker and Kubernetes](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#usecases?ts=markdown)
  * [Dockers and Kubernetes FAQ](https://www.paloaltonetworks.com/cyberpedia/kubernetes-docker#faqs?ts=markdown)
* [Securing Your Kubernetes Cluster: Kubernetes Best Practices and Strategies](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security?ts=markdown)
  * [What Is the Importance of a Secure Kubernetes Cluster?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#importance?ts=markdown)
  * [Understanding Kubernetes Security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#security?ts=markdown)
  * [What Are Kubernetes Security Considerations and Security Best Practices?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#practices?ts=markdown)
  * [What Are Advanced Strategies for Kubernetes Security?](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#advanced?ts=markdown)
  * [Kubernetes Cluster Security FAQs](https://www.paloaltonetworks.com/cyberpedia/kubernetes-cluster-security#faqs?ts=markdown)
* [What Is a Host Operating System (OS)?](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers?ts=markdown)
  * [The Host Operating System (OS) Explained](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#os?ts=markdown)
  * [Host OS Selection](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#selection?ts=markdown)
  * [Host OS Security](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#security?ts=markdown)
  * [Implement Industry-Standard Security Benchmarks](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#benchmarks?ts=markdown)
  * [Container Escape](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#container-escape?ts=markdown)
  * [System-Level Security Features](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#security-features?ts=markdown)
  * [Patch Management and Vulnerability Management](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#patch-management?ts=markdown)
  * [File System and Storage Security](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#storage-security?ts=markdown)
  * [Host-Level Firewall Configuration and Security](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#firewall-configuration?ts=markdown)
  * [Logging, Monitoring, and Auditing](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#logging?ts=markdown)
  * [Host OS Security FAQs](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers#faq?ts=markdown)
* [What Is Docker?](https://www.paloaltonetworks.com/cyberpedia/docker?ts=markdown)
  * [Docker Explained](https://www.paloaltonetworks.com/cyberpedia/docker#docker?ts=markdown)
  * [Understanding Docker Containers](https://www.paloaltonetworks.com/cyberpedia/docker#understanding?ts=markdown)
  * [Core Components of Docker](https://www.paloaltonetworks.com/cyberpedia/docker#core?ts=markdown)
  * [What Platforms and Environments Does Docker Support?](https://www.paloaltonetworks.com/cyberpedia/docker#what?ts=markdown)
  * [How Does Docker Work?](https://www.paloaltonetworks.com/cyberpedia/docker#how?ts=markdown)
  * [Docker Tools](https://www.paloaltonetworks.com/cyberpedia/docker#tools?ts=markdown)
  * [Docker Use Cases and Benefits](https://www.paloaltonetworks.com/cyberpedia/docker#benefits?ts=markdown)
  * [Docker FAQ](https://www.paloaltonetworks.com/cyberpedia/docker#faqs?ts=markdown)
* [What Is Container Registry Security?](https://www.paloaltonetworks.com/cyberpedia/container-registry-security?ts=markdown)
  * [Container Registry Security Explained](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#container-registry?ts=markdown)
  * [Components of Container Registry Security](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#components?ts=markdown)
  * [Promoting Image and Artifact Integrity in CI/CD](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#artifact-integrity?ts=markdown)
  * [At-a-Glance Container Registry Security Checklist](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#checklist?ts=markdown)
  * [Container Registry FAQs](https://www.paloaltonetworks.com/cyberpedia/container-registry-security#faq?ts=markdown)
* [What Is a Container?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown)
  * [Containers Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#containers?ts=markdown)
  * [Understanding Container Components](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#components?ts=markdown)
  * [Container Infrastructure](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#infrastructure?ts=markdown)
  * [Know Your Container Types](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#types?ts=markdown)
  * [Harnessing the Efficiency of Containerization](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#efficiency?ts=markdown)
  * [Container FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container#faq?ts=markdown)
* [What Is Containerization?](https://www.paloaltonetworks.com/cyberpedia/containerization?ts=markdown)
  * [Why Is Containerization Important?](https://www.paloaltonetworks.com/cyberpedia/containerization#why?ts=markdown)
  * [Containers: A Modern Contender to VMs](https://www.paloaltonetworks.com/cyberpedia/containerization#containers?ts=markdown)
  * [To Container or Not to Container: Moving Applications to the Cloud](https://www.paloaltonetworks.com/cyberpedia/containerization#apps?ts=markdown)
  * [Architecture and Migration](https://www.paloaltonetworks.com/cyberpedia/containerization#architecture?ts=markdown)
  * [Choosing a Cloud Migration Method](https://www.paloaltonetworks.com/cyberpedia/containerization#migration?ts=markdown)
  * [When Micro Means Fast](https://www.paloaltonetworks.com/cyberpedia/containerization#micro?ts=markdown)
* [Container FAQs](https://www.paloaltonetworks.com/cyberpedia/containerization#faq?ts=markdown)

# What Is Container Orchestration?

4 min. read  
Table of Contents

* * [Container Orchestration Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#container-orchestration?ts=markdown)
  * [Orchestration Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#tools?ts=markdown)
  * [Key Components of Orchestrators](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#components?ts=markdown)
  * [Container Orchestration and the Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#pipeline?ts=markdown)
  * [Benefits of Container Orchestration](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#benefits?ts=markdown)
  * [The Container Ecosystem](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#ecosystem?ts=markdown)
* [Container Orchestration FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#faq?ts=markdown)

1. Container Orchestration Explained

* * [Container Orchestration Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#container-orchestration?ts=markdown)
  * [Orchestration Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#tools?ts=markdown)
  * [Key Components of Orchestrators](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#components?ts=markdown)
  * [Container Orchestration and the Pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#pipeline?ts=markdown)
  * [Benefits of Container Orchestration](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#benefits?ts=markdown)
  * [The Container Ecosystem](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#ecosystem?ts=markdown)
* [Container Orchestration FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration#faq?ts=markdown)

Container orchestration is a technology that automates the deployment, management, and scaling of containerized applications. It simplifies the complex tasks of managing large numbers of [containers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-container?ts=markdown). Container orchestrators, such as [Kubernetes](https://www.paloaltonetworks.com/cyberpedia/what-is-kubernetes?ts=markdown), ensure that these containers interact efficiently across different servers and environments. Orchestrators provide a framework for managing container lifecycles, facilitating service discovery, and maintaining high availability. For [microservices architectures](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown), where [cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) applications consist of numerous interdependent components, this framework is foundational.

By leveraging container orchestration, [DevOps teams](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) can streamline provisioning, resource allocation, and scaling, enabling them to fully harness the potential of containerization and align it with their business objectives.

## Container Orchestration Explained

Container orchestration automates the deployment, management, and scaling of containerized applications. Enterprises leverage orchestrators to control and coordinate massive numbers of containers, ensuring they interact efficiently across different servers.  
![Orchestration layer deploying new versions of microservices, scaling microservices to meet demand, and monitoring microservices for performance and health](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/orchestration-layer.png "Orchestration layer deploying new versions of microservices, scaling microservices to meet demand, and monitoring microservices for performance and health") *Figure 1: Orchestration layer deploying new versions of microservices, scaling microservices to meet demand, and monitoring microservices for performance and health*  
Orchestrators like Kubernetes manage lifecycles, facilitate service discovery, and maintain high availability. They enable containers to function in concert, which is essential for microservices architectures where cloud-native applications consist of numerous interdependent components.

The container orchestration market is in fact keeping pace with the adoption of microservices architectures, cloud-native applications, and [containerization](https://www.paloaltonetworks.com/cyberpedia/containerization). Calculated at US$745.72 million in 2022 --- up 26% in a five-year span --- [the market size continues to climb and is expected to reach US$1084.79 billion by 2029](https://www.maximizemarketresearch.com/market-report/global-container-orchestration-market/27444).

## Orchestration Tools

Orchestration tools provide a framework for automating container workloads, enabling DevOps teams to manage the lifecycles of their containers. These systems, or orchestration engines, facilitate advanced networking capabilities, streamlining the provisioning of containers and microservices while adjusting resources to meet demand. With orchestrators, DevOps teams can wield the full potential of containerization, aligning it with their business objectives.

### Popular Container Orchestration Engines

* Kubernetes® (K8s)
* Rancher
* SUSE Rancher
* Amazon Elastic Kubernetes Services (EKS)
* Azure Kubernetes Services (AKS)
* Google Kubernetes Engine (GKE) / Anthos
* Red Hat OpenShift Container Platform (OCP)
* Mesos
* Cisco Container Platform (CCP)
* Oracle Container Engine for Kubernetes (OKE)
* Ericsson Container Cloud (ECC)
* Docker Swarm
* HashiCorp Nomad

The advantage of orchestration engines comes from the declarative model they typically employ, which effectively combines the benefits of [infrastructure as a service (IaaS)](https://www.paloaltonetworks.com/cyberpedia/what-is-infrastructure-as-a-service?ts=markdown) and [platform as a service (PaaS)](https://www.paloaltonetworks.com/cyberpedia/platform-as-a-service-paas?ts=markdown).

* IaaS provides the granular control and automation that allows developers to manage the underlying infrastructure, such as servers, storage, and networking. This gives developers the flexibility to customize their deployments to meet specific needs.
* PaaS provides a higher level of abstraction that allows developers to focus on their applications without having to worry about the underlying infrastructure. PaaS makes it easier for engineers to deploy and manage their applications, but it also provides them less control over the infrastructure.

Drawing from the best from both worlds, orchestrators offer developers power and flexibility, as well as a consistent operational experience across environments, from physical machines and on-premises data centers to virtual deployments and cloud-based systems.

Core features of prominent orchestration engines include scheduling, resource management, service discovery, health checks, autoscaling, and managing updates and upgrades.

## Key Components of Orchestrators

The terminology for container orchestration components varies across tools currently on the market. The underlying concepts and functionalities, though, remain relatively consistent, though. Table 3 provides a comparative overview of main components with corresponding terminology for popular container orchestrators. For our purposes, to introduce a sense of orchestration mechanics, we'll use Kubernetes terms.  
![Figure 2: Container orchestration component overview](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/container-orchestration.png "Figure 2: Container orchestration component overview") *Figure 2: Container orchestration component overview*

Orchestration engines like Kubernetes are complex, consisting of several key technological components that work in unison to manage the lifecycle of containers. By understanding key components, you gain an understanding of how to best utilize containerization technologies.

### The Control Plane

At the heart of Kubernetes lies its control plane, the command center for scheduling and managing the application lifecycle. The control plane exposes the Kubernetes API, orchestrates deployments, and directs communication throughout the system. It also monitors container health and manages the cluster, ensuring that container images are readily available from a registry for deployment.

The Kubernetes control plane comprises several components --- the etcd, the API server, the scheduler, and the controller-manager.

#### Etcd

The etcd datastore, developed by CoreOS and later acquired by Red Hat, is a distributed key-value store that holds the cluster's configuration data. It informs the orchestrator's actions to maintain the desired application state, as defined by a declarative policy. This policy outlines the optimal environment for an application, guiding the orchestrator in managing properties like instance count, storage needs, and resource allocation.

#### API Server

The Kubernetes API server plays a pivotal role, exposing the cluster's capabilities via a RESTful interface. It processes requests, validates them, and updates the state of the cluster based on instructions received. This mechanism allows for dynamic configuration and management of workloads and resources.

#### Scheduler

The scheduler in Kubernetes assigns workloads to worker nodes based on resource availability and other constraints, such as quality of service and affinity rules. The scheduler ensures that the distribution of workloads remains optimized for the cluster's current state and resource configuration.

#### Controller-Manager

The controller-manager maintains the desired state of applications. It operates through controllers, control loops that monitor the cluster's shared state and make adjustments to align the current state with the desired state. These controllers ensure the stability of nodes and pods, responding to changes in the cluster's health to maintain operational consistency.

|----------------------------------------|-------------------------------------------------|----------------------------|---------------------|-------------|
| **Container Orchestrator**             | **Control Plane Components**                    | **Worker Node Components** | **Deployment Unit** | **Service** |
| Kubernetes                             | API Server, Scheduler, Controller Manager, etcd | kubelet                    | Pod                 | Service     |
| Docker Swarm                           | Manager                                         | Worker                     | Service             | Stack       |
| Nomad                                  | Server                                          | Agent                      | Job                 | Allocation  |
| Mesos                                  | Master                                          | Agent                      | Task                | Job         |
| OpenShift                              | Console, Controller Manager, etcd               | Node                       | Pod                 | Service     |
| Amazon Elastic Container Service (ECS) | Cluster Controller                              | EC2 instances              | Task                | Service     |
| Google Kubernetes Engine (GKE)         | Control Plane                                   | Nodes                      | Pod                 | Service     |
| Azure Kubernetes Service (AKS)         | Control Plane                                   | Nodes                      | Pod                 | Service     |

Table 1: Common components across various orchestration engines.

### Orchestration and Immutable Infrastructure

In contrast with traditional servers and virtual machines, the immutable paradigm that containers and their infrastructure inhabit makes modifications post-deployment nonexistent. Instead, updates or fixes are applied by deploying new containers or servers from a common image with the necessary changes.

Immutable infrastructure's inherent programmability enables automation. [Infrastructure as code (IaC)](https://www.paloaltonetworks.com/cyberpedia/what-is-iac?ts=markdown) stands out as a hallmark of modern infrastructure, permitting applications to programmatically provision, configure, and manage the required infrastructure. The combined power of container orchestration, immutable infrastructure, and IaC-driven automation delivers unmatched flexibility and scalability.

## Container Orchestration and the Pipeline

Propelled by the twin engines of containerization and DevOps, container orchestration brings speed and scalability together to underwrite today's dynamic and demanding [production pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown).  
![Figure 3: CI/CD pipeline application development lifecycle](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ci-cd-pipeline-lifecycle.png "Figure 3: CI/CD pipeline application development lifecycle ") *Figure 3: CI/CD pipeline application development lifecycle*

### Acquire and Build Pipeline Phase

In the acquire and build stage, developers pull code from version control repositories, initiating the build process. Automated tools compile the source code into binary artifacts poised for deployment using a tool like Docker or BuildKit. Once the container image is built, it's stored in a registry such as Docker Hub or Google Artifact Registry.

The acquire and build phase promotes consistent construction of the application, with scripts managing dependencies and running preliminary tests. The outcome is a dependable build that, when integrated with the main branch, triggers further automated processes.

### Run Phase

As the build phase concludes, the pipeline executes the code in a controlled environment. Running the container image in a staging environment can be done using a container orchestration tool such as Kubernetes. This crucial step involves the team conducting a series of automated tests to validate the application's functionality. Developers actively seek out and address bugs, ensuring the progression of only high-quality code through the pipeline.

### Delivery Phase

In the delivery stage of the CI/CD pipeline, teams automate the journey of new code from [repository](https://www.paloaltonetworks.com/cyberpedia/container-registry-security?ts=markdown) to production readiness. Every commit initiates a sequence of rigorous automated tests and quality checks, ensuring that only well-vetted code reaches the staging environment. Here, the software undergoes additional, often client-facing, validations. The process encapsulates the build's promotion through environments, each serving as a proving ground for stability and performance. The team's commitment to the delivery phase ensures that the software embodies the best of current development efforts.

### Deploy Phase

In the deploy stage, the application reaches its pivotal moment as teams roll it out to the production environment. Container orchestration tools, such as Kubernetes, assume control, scaling the application and updating it with minimal downtime. Teams have rollback mechanisms at the ready, allowing them to revert to previous versions if any issues emerge. At this point, the application becomes operational, serving its intended users and fulfilling its purpose in the digital ecosystem.

### Maintain Stage

Post-deployment, the team transitions to actively maintaining the application. They employ a [runtime solution](https://www.paloaltonetworks.com/cyberpedia/runtime-security) to continuously monitor performance, log errors, and gather user feedback, all of which drive future enhancements, as well as [container security](https://www.paloaltonetworks.com/cyberpedia/what-is-container-security) and [Kubernetes security](https://www.paloaltonetworks.com/cyberpedia/kubernetes-security).

As developers fine-tune the application, apply security patches, and roll out new features, the maintenance phase underscores the iterative nature of modern application development. Invariably, the product continues to evolve to meet user demands and integrate the latest technological advancements.

## Benefits of Container Orchestration

Container orchestration offers a suite of benefits that align with the objectives of DevOps, ultimately enhancing operational efficiency and reducing overheads in cloud environments.

### Enhances Scalability

Container orchestration platforms enable businesses to scale containerized applications in response to fluctuating demand --- without human intervention or attempting to predict application load. The orchestrator's bin packaging and autoscaling capabilities, coupled with public cloud infrastructure as code, dynamically allocate resources, ensuring optimal performance during peak loads.

### Facilitates Resilience

By distributing container instances across multiple hosts, orchestration tools bolster application resilience. They detect failures and automatically reinitiate containers, minimizing downtime and maintaining service continuity.

### Promotes Efficiency

Orchestration engines adjust resources to exactly what an application requires in various usage scenarios, preventing rampant overprovisioning or requiring organizations to architect and plan for high water utilization. This efficiency reduces infrastructure costs and maximizes return on investment.

### Simplifies Management

Container orchestrators provide a unified interface to manage clusters of containers, abstracting complex tasks and reducing the operational burden. Teams can deploy updates, monitor health, and enforce policies with minimal manual intervention.

### Improves Security

Container orchestration enhances security by automating the deployment of patches and security updates. It enforces consistent security policies across the entire container fleet, reducing the risk of vulnerabilities.

### Enables Portability

Orchestration ensures containerized applications remain agnostic to the underlying infrastructure, facilitating portability across different cloud environments and on-premises data centers.

### Accelerates Deployment Cycles

By automating deployment processes, orchestration tools shorten the time from development to production, enabling rapid iteration and faster time to market for new features.

### Supports DevOps Practices

Integrating with [CI/CD pipelines](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) and enhancing the agility of software development, container orchestration fosters collaboration between development and operations teams. Capabilities like health monitoring and self-healing enable teams to perform less system support and troubleshooting, optimizing DevOps productivity.

## The Container Ecosystem

Quite simply, the container ecosystem represents a significant shift in application development and deployment. Encompassing a range of components --- from runtime engines to orchestration platforms, registries, and security tools --- it offers enterprises the all-important efficiency today's fast-paced digital landscape demands.

Of course, at the heart of the ecosystem lies the synergy between the container engine and the orchestration engine. Together, these technologies guide containerized applications through the intricate stages of their lifecycle.

The container engine creates and packages individual containers, while the orchestrator engine manages and orchestrates multiple containers across a distributed infrastructure.

During development, the container engine facilitates rapid prototyping and testing, allowing developers to iterate quickly and efficiently. As the application matures, the orchestrator transitions it into production, providing a robust and scalable foundation for handling real-world workloads.  
![Figure 4: Docker and Kubernetes representing the dynamics of the container and orchestration engines](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/docker-and-kubernetes-dynamics-of-the-container.png "Figure 4: Docker and Kubernetes representing the dynamics of the container and orchestration engines") *Figure 4: Docker and Kubernetes representing the dynamics of the container and orchestration engines*

### Strategic Implications for Business Leaders

**Agility and Speed in Software Deployment**

The container ecosystem accelerates the deployment of applications. By encapsulating applications in containers, organizations can swiftly move from development to production, irrespective of the underlying environment. This agility is crucial for organizations that need to rapidly adapt to market changes or user demands.

**Enhanced Efficiency and Resource Optimization**

Offering an alternative to traditional virtual machines, containers share the underlying [OS kernel](https://www.paloaltonetworks.com/cyberpedia/host-os-operating-system-containers?ts=markdown) and consume fewer resources. This efficiency translates into reduced operational costs and improved utilization of computing resources, a key advantage for enterprises managing large-scale applications.

**Scalability and Flexibility**

Vital for digital enterprises experiencing fluctuating demand, orchestrators within the container ecosystem enable businesses to scale their applications without compromising performance. The container ecosystem as a whole refines previous capacities for scaling and resource availability.

**Consistency and Portability Across Environments**

The container ecosystem ensures consistency and portability. Applications packaged in containers can run uniformly and reliably across different computing environments, from on-premises data centers to public clouds.  
![Figure 5: Anatomy of hosted container environment](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/anatomy-of-hosted-container-environment.png "Figure 5: Anatomy of hosted container environment") *Figure 5: Anatomy of hosted container environment*

### Preparing for a Container-Driven Future

The future points to a digital world where most, if not all, applications run on containers. For executives, understanding the synergy behind the container ecosystem provides a strategic advantage. Armed with an informed point of view can enable you to anticipate and effectively meet the evolving demands of modern software development --- and with optimal ROI.

## Container Orchestration FAQs

### What is Helm?

Helm is a package manager for Kubernetes, simplifying the deployment and management of applications on Kubernetes clusters. It uses packages called charts, which are pre-configured Kubernetes resources. Helm charts streamline the process of defining, installing, and upgrading even the most complex Kubernetes applications. It manages dependencies between charts and updates them in a controlled way. Helm is essential for DevOps teams managing complex deployments, as it provides an efficient, repeatable, and standardized way to deploy applications.

### What is a ReplicaSet?

A ReplicaSet in Kubernetes ensures that a specified number of pod replicas are running at any given time. It's primarily used to guarantee the availability of a specified number of identical pods. If a pod fails, the ReplicaSet starts new ones to replace it. ReplicaSets are crucial for maintaining the desired state and high availability of applications, particularly in distributed and dynamic cloud environments.

### What is a deployment?

A Deployment in Kubernetes provides declarative updates to applications. It allows you to describe an application's lifecycle, such as which images to use for the app, the number of pods, and the way to update them, among other aspects. Deployments manage ReplicaSets and provide the ability to roll back to a previous deployment state, making them essential for managing stateless applications and ensuring their resilience and scalability.

### What is a StatefulSet?

A StatefulSet in Kubernetes is used for managing stateful applications. Unlike stateless applications managed by Deployments, stateful applications need persistent storage and unique network identifiers. StatefulSets maintain a sticky identity for each of their pods, ensuring that each pod is rescheduled with the same hostname and storage, even if it gets moved to a different node.

### What is a DaemonSet?

A DaemonSet in Kubernetes ensures that all (or some) nodes run a copy of a specific pod. As nodes are added to the cluster, pods are automatically added to them. Likewise, when nodes are removed from the cluster, those pods are garbage collected. DaemonSets are ideal for running tasks like logging, monitoring, or network proxy on every node, as they automatically manage the deployment and scaling of these tasks across the entire cluster.

### What is a service?

A service in Kubernetes is an abstraction that defines a logical set of pods and a policy to access them. This abstraction decouples work definition from the pods. Services route traffic across a set of pods, typically determined by a selector. They enable loose coupling between dependent pods, providing an IP address and DNS name by which the pods can be accessed. Services are crucial for ensuring that networked applications are easily accessible and resilient to changes in the underlying pod configurations.

### What is ingress?

Ingress in Kubernetes is a resource that manages external access to services within a cluster, typically HTTP. Ingress allows you to define rules for routing traffic to services, including URL paths, load balancing, SSL termination, and name-based virtual hosting. It's a key component for managing access to containerized applications from the outside world, providing a more sophisticated and flexible solution than simple port-forwarding.

### What is a ConfigMap?

A ConfigMap in Kubernetes is a resource used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume, which allows you to separate configuration artifacts from image content.

### What is a persistent volume (PV)?

A Persistent Volume (PV) in Kubernetes is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes. It's a resource in the cluster just like a node and persists beyond the lifecycle of any individual pod. PVs provide a way for applications to mount storage independent of the underlying storage infrastructure, offering a more consistent and integrated storage solution for stateful applications.

### What is a persistent volume claim (PVC)?

A Persistent Volume Claim (PVC) in Kubernetes is a request for storage by a user. It's similar to a pod in that pods consume node resources and PVCs consume PV resources. PVCs allow a user to abstract the details of how the storage is provided and how it's consumed. When a user requests a PVC, they get bound to an available PV in the cluster, providing a dynamic way of managing storage resources in a Kubernetes environment.

### What is autoscaling?

Autoscaling in Kubernetes refers to the automatic adjustment of the number of pods in a deployment, replica set, or stateful set based on the current load. Autoscaling helps to ensure that applications have the right amount of resources at any given time, improving resource utilization and handling fluctuating workloads efficiently. Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA) are two common types of autoscalers in Kubernetes, scaling the number of pods and the size of pods, respectively.
Related Content  
[The Definitive Guide to Container Security
Securing your containerized applications is a critical component of maintaining the integrity, confidentiality and availability of your cloud services.](https://www.paloaltonetworks.com/resources/ebooks/container-security-definitive-guide?ts=markdown)  
[Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms
To understand the impact of excessive permissions, we analyzed popular Kubernetes platforms --- distributions, managed services, and common add-ons --- to identify infrastructure compo...](https://www.paloaltonetworks.com/resources/whitepapers/kubernetes-privilege-escalation-excessive-permissions-in-popular-platforms?ts=markdown)  
[Container Security 101
Understanding the Basics of Securing Containers breaks down what organizations need to know to protect against breaches, malware, and malicious actors.](https://www.paloaltonetworks.com/resources/guides/prisma-container-security101?ts=markdown)  
[Guide to Operationalizing Your IaC Security Program
Infrastructure as code (IaC) plays a key role in containerized applications. Get a step-by-step plan to help you choose your IaC security path based on your needs, operationalize a...](https://www.paloaltonetworks.com/resources/whitepapers/guide-to-operationalizing-your-iac-security-program?ts=markdown)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Container%20Orchestration%3F&body=Master%20container%20orchestration%20with%20ease%3A%20automate%20deployment%2C%20scaling%2C%20and%20management%20of%20containerized%20applications%20for%20efficient%20enterprise-level%20coordination.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-container-orchestration)  
Back to Top  
[Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-orchestration-security?ts=markdown) What Is Orchestration Security?  
[Next](https://www.paloaltonetworks.com/cyberpedia/kubernetes-secrets?ts=markdown) How to Secure Kubernetes Secrets and Sensitive Data  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language