Cloud Native

Last Updated: 2024-01-21

Cloud native landscape: https://cncf.landscape2.io/



  • [CNCF Graduated] Kubernetes


  • kubectl
  • kubeadm: it cares only about bootstrapping, not about provisioning machines. Likewise, installing various nice-to-have addons, like the Kubernetes Dashboard, monitoring solutions, and cloud-specific addons, is not in scope. Used by other tools like minikube, kind, etc.
    • kubeadm init to bootstrap a Kubernetes control-plane node
    • kubeadm join to bootstrap a Kubernetes worker node and join it to the cluster
    • kubeadm upgrade to upgrade a Kubernetes cluster to a newer version; Perform the upgrade of etcd by default.
  • kops
  • kube-ps1: change bash prompt export '$(kube-ps1)'$PS1
  • kubens: work with namespaces
  • k9s: https://k9scli.io/
  • krew: a plugin manager, Extend kubectl with plugins.
  • The KUbernetes Test TooL (kuttl): https://kuttl.dev/

Provision Tools

  • Metal3: to provision bare metal hosts. Metals -> OpenStack Ironic -> PXE
    • The Metal3 baremetal operator watches for BareMetalHost (CRD) objects
    • PXE (Preboot Execution Environment) boot: to install a fresh OS on new or malfunctioning computers. On the client side it requires only a PXE-capable network interface controller (NIC), for operating system booting, installation and deployment in data centers.

Artifacts Managments

  • [CNCF Graduated] Harbor: container registry. Since version 1.6.0 Harbor is now a composite cloud-native registry which supports both container image management and Helm charts management.
  • [CNCF Graduated] Helm: the package manager for k8s. (similar to npm for node.)

Container Runtime

  • [CNCF Graduated] containerd
  • [CNCF Graduated] cri-o

Storage / Databases

  • [CNCF Graduated] etcd: key-value store, used by k8s.
  • [CNCF Graduated] Vitess: horizontally scale MySQL
  • [CNCF Graduated] TiKV: distributed transactional key-value db, in Rust
  • [CNCF Graduated] Rook: orchestrating Ceph on top of k8s; Ceph: a distributed fs.

Logging / Monitoring

  • [CNCF Graduated] Prometheus: monitoring
  • [CNCF Graduated] Jaeger: tracing
  • [CNCF Incubating] OpenTelemetry: tracing. Merging OpenCensus and OpenTracing.
  • [CNCF Graduated] Fluentd / Fluentbit: push logs
    • Fluentd: written in Ruby, built as a Rube Gem, uses more memory.
    • Fluent Bit: written in C, 0 dependencies, much smaller. A CNCF Sub-Project Under The Umbrella Of Fluentd.
  • Grafana: view logs
  • Grafana Loki: store logs


3 areas: image security, runtime security, policy management.

  • [CNCF Graduated] TUF: a framework, various tools implement this spec
  • [CNCF Incubating] Notary: an implementation of the TUF spec. Docker uses Notary behind the scenes.
  • [CNCF Graduated] OPA: use the same policy language, model, API for all cloud native projects.
  • [CNCF Incubating] Falco: container runtime security, parses Linux system calls from the kernel.

Key Management

  • [CNCF Graduated] Spiffe
  • [CNCF Graduated] Spire


  • [CNCF Incubating] CNI: the interface
  • Cilium
  • Calico
  • Flannel
  • [CNCF Graduated] CoreDNS
  • [CNCF Incubating] Cilium: eBPF-based Networking, Observability, Security. https://cilium.io/
  • [K8S SIG] External DNS: NOT a DNS server itself, but merely configures other DNS providers accordingly, e.g. AWS Route 53 or Google Cloud DNS.

Service Mesh and Proxy

Injects sidecar config into the YAML.

  • [CNCF Graduated] Envoy: service proxy, sidecar.
  • [CNCF Graduated] Linkerd
  • [CNCF Incubating] Istio


VM: KubeVirt

Read: kubevirt

Application Frameworks

  • Quarkus: an alternative to spring boot. Java based. Better performance, Container First, kubernetes native, microservice first. Quarkus brings immutability to containers, faster startup, and more predictability.


  • [CNCF Incubating] cert-manager is the de facto standard for X.509 certificates in Kubernetes environments. cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. https://github.com/cert-manager/cert-manager
  • step-ca: an online Certificate Authority (CA) for secure, automated X.509 and SSH certificate management.



The Linux Foundation vs CNCF: The Linux Foundation is the parent of CNCF. CNCF is one of the LF’s largest sub-foundations.

Most of these projects are hosted in CNCF; some are directly under LF; some are independent.