Kubernetes - Cloud Native Ecosystem

Last Updated: 2023-02-16

  • [CNCF Graduated] Kubernetes

Artifacts Management

Read more: Artifacts Management

  • [CNCF Graduated] Harbor: container registry. Since version 1.6.0, Harbor is a composite cloud-native registry that supports both container image management and Helm chart management.
  • [CNCF Graduated] Helm: the package manager for k8s (similar to npm for Node).

Container Runtime

  • [CNCF Graduated] containerd
  • [CNCF Incubating] cri-o

Storage / Databases

  • [CNCF Graduated] etcd: key-value store, used by k8s to hold cluster state.
  • [CNCF Graduated] Vitess: horizontally scales MySQL.
  • [CNCF Graduated] TiKV: distributed transactional key-value database, written in Rust.
  • [CNCF Graduated] Rook: orchestrates Ceph on top of k8s; Ceph is a distributed file system.

Logging / Monitoring

  • [CNCF Graduated] Prometheus: monitoring (metrics).
  • [CNCF Graduated] Jaeger: tracing.
  • [CNCF Incubating] OpenTelemetry: tracing; formed by merging OpenCensus and OpenTracing.
  • [CNCF Graduated] Fluentd / Fluent Bit: push logs.
    • Fluentd: written in Ruby, built as a Ruby Gem, uses more memory.
    • Fluent Bit: written in C, zero dependencies, much smaller. A CNCF sub-project under the umbrella of Fluentd.
  • Grafana: view logs.
  • Grafana Loki: store logs.

Security

Three areas: image security, runtime security, policy management.

  • [CNCF Graduated] TUF (The Update Framework): a specification for securing software update systems; various tools implement this spec.
  • [CNCF Incubating] Notary: an implementation of the TUF spec. Docker uses Notary behind the scenes for signing and verifying image content.
  • [CNCF Graduated] OPA: a general-purpose policy engine, so the same policy language, model and API can be used across all cloud native projects.
  • [CNCF Incubating] Falco: container runtime security; parses Linux system calls from the kernel and alerts on suspicious behaviour.

Key Management

  • [CNCF Graduated] SPIFFE: a specification for workload identity.
  • [CNCF Graduated] SPIRE: the reference implementation of SPIFFE.

Networking

  • [CNCF Incubating] CNI: the interface (Container Network Interface) that network plugins implement.
  • Calico
  • Flannel
  • [CNCF Graduated] CoreDNS
  • [CNCF Incubating] Cilium: eBPF-based networking, observability and security. https://cilium.io/

Service Mesh and Proxy

A service mesh injects the sidecar proxy configuration into the pod YAML.

  • [CNCF Graduated] Envoy: service proxy, used as the sidecar.
  • [CNCF Graduated] Linkerd
  • [CNCF Incubating] Istio


VM: KubeVirt

KubeVirt: manage VMs in k8s. For teams that want to adopt k8s but still have legacy VM-based workloads. Cost savings come from eliminating hypervisor licenses and from efficient resource utilization across containers and VMs.

  • KubeVirt uses QEMU; QEMU is the actual process that gives you a VM.
  • KubeVirt launches QEMU in a container using virt-launcher.
  • Control flow: virt-controller -> API server -> DaemonSet virt-handler -> virt-launcher.
  • How is a VM kept alive when it runs inside a pod? Live migration to another pod.

VM vs pod:

  • A VM needs a static IP address and a MAC address; it needs L2 connectivity to the external network.
  • KubeVirt deploys the VM inside a pod; the VM uses a macvtap interface to get a direct connection to the physical network, and so gets a static MAC address and a static IP address.

Application Frameworks

  • Quarkus: an alternative to Spring Boot. Java based. Better performance, container first, Kubernetes native, microservice first. Quarkus brings immutability to containers, faster startup, and more predictability.


  • [CNCF Incubating] Knative: serverless.
  • [CNCF Incubating] gRPC: RPC framework.
  • [CNCF Incubating] cert-manager: the de facto standard for X.509 certificates in Kubernetes environments. cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. https://github.com/cert-manager/cert-manager


The Linux Foundation vs CNCF: The Linux Foundation is the parent of CNCF. CNCF is one of the LF's largest sub-foundations.

Most of the projects above are hosted in CNCF; some are directly under LF; some are independent.


Cluster API

Provisioning, upgrading, and operating multiple Kubernetes clusters declaratively.

kubeadm support is built in.

Book: https://cluster-api.sigs.k8s.io/