Kubernetes - Cloud Native Ecosystem

Last Updated: 2023-02-16

Projects

Orchestration

[CNCF Graduated] Kubernetes

Artifacts Managments

Container Runtime

[CNCF Graduated] containerd
[CNCF Incubating] cri-o

Storage / Databases

[CNCF Graduated] etcd: key-value store, used by k8s.
[CNCF Graduated] Vitess: horizontally scale MySQL
[CNCF Graduated] TiKV: distributed transactional key-value db, in Rust
[CNCF Graduated] Rook: orchestrating Ceph on top of k8s; Ceph: a distributed fs.

Logging / Monitoring

[CNCF Graduated] Prometheus: monitoring
[CNCF Graduated] Jaeger: tracing
[CNCF Incubating] OpenTelemetry: tracing. Merging OpenCensus and OpenTracing.
[CNCF Graduated] Fluentd / Fluentbit: push logs
- Fluentd: written in Ruby, built as a Rube Gem, uses more memory.
- Fluent Bit: written in C, 0 dependencies, much smaller. A CNCF Sub-Project Under The Umbrella Of Fluentd.
Grafana: view logs
Grafana Loki: store logs

Security

3 areas: image security, runtime security, policy management.

[CNCF Graduated] TUF: a framework, various tools implement this spec
[CNCF Incubating] Notary: an implementation of the TUF spec. Docker uses Notary behind the scenes.
[CNCF Graduated] OPA: use the same policy language, model, API for all cloud native projects.
[CNCF Incubating] Falco: container runtime security, parses Linux system calls from the kernel.

Key Management

[CNCF Graduated] Spiffe
[CNCF Graduated] Spire

Networking

[CNCF Incubating] CNI: the interface
Calico
Flannel
[CNCF Graduated] CoreDNS
[CNCF Incubating] Cilium: eBPF-based Networking, Observability, Security. https://cilium.io/

Service Mesh and Proxy

Injects sidecar config into the YAML.

[CNCF Graduated] Envoy: service proxy, sidecar.
[CNCF Graduated] Linkerd
[CNCF Incubating] Istio

CI / CD

[CNCF Graduated] Argo
Prow: a Kubernetes-native CI/CD system. https://github.com/kubernetes/test-infra/tree/master/prow
[CNCF Graduated] flux

VM: KubeVirt

KubeVirt: manage VMs in k8s. For teams that want to adopt k8s but have legacy VM based workloads. Cost savings, from eliminating hypervisor license and efficient resource utilization across containers and VMs.

KubeVirt uses QEMU; QEMU is the actual process to give you a VM.
KubeVirt launches QEMU in a container using virt-launcher.
virt-controller -> API server -> DeamonSet virt-handler -> virt-launcher.
How to keep vm alive if they are on pod? Live migration to other pod.

VM vs pod:

vm needs a static ip address and a mac address; needs L2 connectivity to external network.
kubevirt deploys VM inside a pod; vm uses a macvtap interface to get direct connection to the physical network, and get static mac address and static ip address.

Application Frameworks

Quarkus: an alternative to spring boot. Java based. Better performance, Container First, kubernetes native, microservice first. Quarkus brings immutability to containers, faster startup, and more predictability.

Others

[CNCF Incubating] Knative: serverless.
[CNCF Incubating] gRPC: RPC framework.
[CNCF Incubating] cert-manager is the de facto standard for X.509 certificates in Kubernetes environments. cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. https://github.com/cert-manager/cert-manager

Foundations

The Linux Foundation vs CNCF: The Linux Foundation is the parent of CNCF. CNCF is one of the LF’s largest sub-foundations.

Most of these projects are hosted in CNCF; some are directly under LF; some are independent.

SIGS

Cluster API

https://github.com/kubernetes-sigs/cluster-api

Provisioning, upgrading, and operating multiple Kubernetes clusters.

kubeadm is built-in.

Book: https://cluster-api.sigs.k8s.io/