Cloud Native
Last Updated: 2024-08-25
Cloud native landscape: https://cncf.landscape2.io/
Projects
Orchestration
- [CNCF Graduated] Kubernetes
Tools
- kubectl
- kubeadm: it cares only about bootstrapping, not about provisioning machines. Likewise, installing various nice-to-have addons, like the Kubernetes Dashboard, monitoring solutions, and cloud-specific addons, is not in scope. Used by other tools like minikube, kind, etc.
  - kubeadm init: to bootstrap a Kubernetes control-plane node
  - kubeadm join: to bootstrap a Kubernetes worker node and join it to the cluster
  - kubeadm upgrade: to upgrade a Kubernetes cluster to a newer version; performs the upgrade of etcd by default.
- kops
- kube-ps1: add the current cluster/namespace to the bash prompt. The function is kube_ps1 (underscore), and it is prepended to the existing prompt:
  PS1='$(kube_ps1)'$PS1
- kubens: work with namespaces
- k9s: https://k9scli.io/
- krew: a plugin manager. Extend kubectl with plugins.
- The KUbernetes Test TooL (kuttl): https://kuttl.dev/
Provision Tools
- Metal3: to provision bare metal hosts. Metal3 -> OpenStack Ironic -> PXE
- The Metal3 baremetal operator watches for BareMetalHost (CRD) objects
- PXE (Preboot Execution Environment) boot: to install a fresh OS on new or malfunctioning computers, used for operating system booting, installation and deployment in data centers. On the client side it requires only a PXE-capable network interface controller (NIC).
Artifact Management
- [CNCF Graduated] Harbor: container registry. Since version 1.6.0 Harbor is now a composite cloud-native registry which supports both container image management and Helm charts management.
- [CNCF Graduated] Helm: the package manager for k8s. (similar to npm for node.)
Container Runtime
- [CNCF Graduated] containerd
- [CNCF Graduated] cri-o
Storage / Databases
- [CNCF Graduated] etcd: key-value store, used by k8s.
- [CNCF Graduated] Vitess: horizontally scale MySQL
- [CNCF Graduated] TiKV: distributed transactional key-value db, in Rust
- [CNCF Graduated] Rook: orchestrating Ceph on top of k8s; Ceph: a distributed fs.
Logging / Monitoring
- [CNCF Graduated] Prometheus: monitoring
- [CNCF Graduated] Jaeger: tracing
- [CNCF Incubating] OpenTelemetry: tracing. Merging OpenCensus and OpenTracing.
- [CNCF Graduated] Fluentd / Fluentbit: push logs
- Fluentd: written in Ruby, built as a Ruby Gem, uses more memory.
- Fluent Bit: written in C, zero dependencies, much smaller. A CNCF sub-project under the umbrella of Fluentd.
- Grafana: view logs
- Grafana Loki: store logs
Security
3 areas: image security, runtime security, policy management.
- [CNCF Graduated] TUF: a framework, various tools implement this spec
- [CNCF Incubating] Notary: an implementation of the TUF spec. Docker uses Notary behind the scenes.
- [CNCF Graduated] OPA: use the same policy language, model, API for all cloud native projects.
- [CNCF Incubating] Falco: container runtime security, parses Linux system calls from the kernel.
Key Management
- [CNCF Graduated] SPIFFE
- [CNCF Graduated] SPIRE
Networking
- [CNCF Incubating] CNI: the interface
- Cilium
- Calico
- Flannel
- [CNCF Graduated] CoreDNS
- [CNCF Incubating] Cilium: eBPF-based Networking, Observability, Security. https://cilium.io/
- [K8S SIG] External DNS: NOT a DNS server itself, but merely configures other DNS providers accordingly, e.g. AWS Route 53 or Google Cloud DNS.
Service Mesh and Proxy
Injects sidecar config into the YAML.
- [CNCF Graduated] Envoy: service proxy, sidecar.
- [CNCF Graduated] Linkerd
- [CNCF Incubating] Istio
CI / CD
- [CNCF Graduated] Argo
- Prow: a Kubernetes-native CI/CD system. https://github.com/kubernetes/test-infra/tree/master/prow
- [CNCF Graduated] flux
VM: KubeVirt
Read: kubevirt
Application Frameworks
- Quarkus: an alternative to spring boot. Java based. Better performance, Container First, kubernetes native, microservice first. Quarkus brings immutability to containers, faster startup, and more predictability.
Cert
- [CNCF Incubating] cert-manager: the de facto standard for X.509 certificates in Kubernetes environments. cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. https://github.com/cert-manager/cert-manager
- step-ca: an online Certificate Authority (CA) for secure, automated X.509 and SSH certificate management.
Others
- [CNCF Incubating] Knative: serverless.
- [CNCF Incubating] gRPC: RPC framework.
- vcluster: https://www.vcluster.com/
Foundations
The Linux Foundation vs CNCF: The Linux Foundation is the parent of CNCF. CNCF is one of the LF’s largest sub-foundations.
Most of these projects are hosted in CNCF; some are directly under LF; some are independent.