CNCF Projects
All projects of the Cloud Native Computing Foundation are classified with one of three stages of maturity. The CNCF TOC uses these criteria to define project maturity:
Graduated Projects
Argo
Kubernetes-native tools to run workflows, manage clusters, and do GitOps right.
Cilium
eBPF-based Networking, Security, and Observability
CloudEvents
Standardizing common eventing metadata and their location to help with event identification and routing.
containerd
An open and reliable container runtime
CoreDNS
CoreDNS is a DNS server that chains plugins
CRI-O
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
Envoy
Cloud-native high-performance edge/middle/service proxy
etcd
Distributed reliable key-value store for the most critical data of a distributed system
Falco
Cloud Native Runtime Security
Fluentd
Fluentd: Unified Logging Layer (project under CNCF)
Flux
Open and extensible continuous delivery solution for Kubernetes. Powered by GitOps Toolkit.
Harbor
An open source trusted cloud native registry project that stores, signs, and scans content.
Helm
The Kubernetes Package Manager
Istio
Simplify observability, traffic management, security, and policy with the Istio service mesh.
Jaeger
CNCF Jaeger, a Distributed Tracing Platform
KEDA
KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
Kubernetes
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications
Linkerd
Ultra light, ultra simple, ultra powerful. Linkerd adds security, observability, and reliability to Kubernetes, without the complexity.
Open Policy Agent (OPA)
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Prometheus
The Prometheus monitoring system and time series database.
Rook
Storage Orchestration for Kubernetes
SPIFFE
The SPIFFE Project
SPIRE
The SPIFFE Runtime Environment
The Update Framework (TUF)
Python reference implementation of The Update Framework (TUF)
TiKV
A distributed transactional key-value database. Based on the design of Google Spanner and HBase, but simpler to manage and without dependencies on any distributed filesystem
Vitess
MySQL-compatible, horizontally scalable, cloud-native database solution.
Incubating Projects
Artifact Hub
Find, install and publish Cloud Native packages
Backstage
Backstage is an open framework for building developer portals
Buildpacks
CLI for building apps using Cloud Native Buildpacks
cert-manager
Automatically provision and manage TLS certificates in Kubernetes
Chaos Mesh
A Chaos Engineering Platform for Kubernetes.
Cloud Custodian
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Container Network Interface (CNI)
Container Network Interface - networking for Linux containers
Contour
Contour is a Kubernetes ingress controller using Envoy proxy.
Cortex
A horizontally scalable, highly available, multi-tenant, long term Prometheus.
Crossplane
Crossplane is the cloud native control plane framework that allows you to build control planes without needing to write code. Crossplane has a highly extensible backend that enables you to orchestrate applications and infrastructure no matter where they run and a highly configurable frontend that lets you define the declarative API it offers.
CubeFS
cloud-native distributed storage
Dapr
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge.
Dragonfly
Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project.
Emissary-Ingress
open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
gRPC
The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#)
in-toto
in-toto is a framework to protect supply chain integrity.
Karmada
Open, Multi-Cloud, Multi-Cluster Kubernetes Orchestration
Keptn
Cloud-native application life-cycle orchestration. Keptn automates your SLO-driven multi-stage delivery and operations & remediation of your applications.
Keycloak
Keycloak is an open-source identity and access management solution for modern applications and services, built on top of industry security standard protocols.
Knative
Knative is a developer-focused serverless application layer which is a great complement to the existing Kubernetes application constructs. Knative consists of three components: an HTTP-triggered autoscaling container runtime called “Knative Serving”, a CloudEvents-over-HTTP asynchronous routing layer called “Knative Eventing”, and a developer-focused function framework which leverages the Serving and Eventing components, called "Knative Functions".
KubeEdge
Kubernetes Native Edge Computing Framework (project under CNCF)
Kubeflow
The Kubeflow project is dedicated to making deployments of machine learning workflows on Kubernetes simple, portable and scalable by providing a straightforward way to deploy best-of-breed open-source systems for ML to diverse infrastructures.
KubeVela
The Modern Application Platform.
KubeVirt
Kubernetes Virtualization API and runtime in order to define and manage virtual machines.
Kyverno
Cloud Native Policy Management
Litmus
Litmus helps SREs and developers practice chaos engineering in a Cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes are at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q
Longhorn
Cloud-native distributed storage for Kubernetes
NATS
NATS.io is a connective technology for distributed systems and is a perfect fit to connect devices, edge, cloud or hybrid deployments. True multi-tenancy makes NATS ideal for SaaS and self-healing and scaling technology allows for topology changes anytime with zero downtime.
Notary Project
A CLI tool to sign and verify artifacts
OpenFeature
Standardizing Feature Flagging for Everyone
OpenKruise
Automated management of large-scale applications on Kubernetes (incubating project under CNCF)
OpenTelemetry
OpenTelemetry community content
Operator Framework
SDK for building Kubernetes applications. Provides high level APIs, useful abstractions, and project scaffolding.
Strimzi
Apache Kafka® running on Kubernetes
Thanos
Highly available Prometheus setup with long term storage capabilities. A CNCF Incubating project.
Volcano
A Cloud Native Batch System (Project under CNCF)
Sandbox Projects
Aeraki Mesh
Aeraki Mesh allows you to manage any layer-7 traffic in a service mesh
Akri
A Kubernetes Resource Interface for the Edge
Antrea
Kubernetes networking based on Open vSwitch
Armada
A multi-cluster batch queuing system for high-throughput workloads on Kubernetes.
Athenz
Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures
Atlantis
Terraform Pull Request Automation for Teams
BFE
Open-source layer 7 load balancer derived from proprietary Baidu FrontEnd
bpfman
An eBPF Manager for Linux and Kubernetes
Capsule
Capsule implements a multi-tenant and policy-based environment in your Kubernetes cluster. It is designed as a micro-services-based ecosystem with a minimalist approach, leveraging only upstream Kubernetes.
Carina
Carina: a high-performance and ops-free local storage for Kubernetes
Carvel
Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes.
CDK for Kubernetes (CDK8s)
CDK8s lets you define Kubernetes apps and components using familiar programming languages and object-oriented APIs.
Chaosblade
An easy to use and powerful chaos engineering experiment toolkit. (An easy-to-use, powerful chaos experiment injection tool open-sourced by Alibaba)
Clusternet
[CNCF Sandbox Project] Managing your Kubernetes clusters (including public, private, edge, etc.) as easily as visiting the Internet
Clusterpedia
Clusterpedia is used for complex resources search across multiple clusters, support simultaneous search of a single kind of resource or multiple kinds of resources existing in multiple clusters.
CNI-Genie
CNI-Genie for choosing pod network of your choice during deployment time. Supported pod networks - Calico, Flannel, Romana, Weave
Confidential Containers
Confidential Containers is an open source community working to enable cloud native confidential computing by leveraging Trusted Execution Environments to protect containers and data.
Connect RPC
Connect is a family of libraries for building browser and gRPC-compatible HTTP APIs.
ContainerSSH
ContainerSSH launches a new container for each SSH connection in Kubernetes, Podman or Docker. The user is transparently dropped in the container and the container is removed when the user disconnects. Authentication and container configuration are dynamic using webhooks, no system users required.
Copa
🧵 CLI tool for directly patching container images!
Curve
Curve is a distributed storage system designed and developed independently by NetEase, featuring high performance, high availability, high reliability and good expansibility, and it can serve as the basis for storage systems designed for different scenarios.
Devfile
Kube-native API for cloud development workspaces specification
DevSpace
DevSpace - The Fastest Developer Tool for Kubernetes ⚡ Automate your deployment workflow with DevSpace and develop software directly inside Kubernetes.
DevStream
DevStream: the open-source DevOps toolchain manager (DTM).
Dex
OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
Distribution
The toolkit to pack, ship, store, and deliver container content
Easegress
A Cloud Native traffic orchestration system
Eraser
Eraser uses vulnerability data to remove non-running images from all Kubernetes nodes in a cluster.
external-secrets
External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
FabEdge
Secure Edge Networking Solution Based On Kubernetes
Fluid
Fluid is an orchestration platform for elastic data abstraction and acceleration in cloud native environment.
hami
Heterogeneous AI Computing Virtualization Middleware
Headlamp
Extensible open source multi-cluster Kubernetes user interface
Hexa
Hexa Policy Orchestrator enables you to manage all of your access policies consistently across software providers.
HwameiStor
Hwameistor is an HA local storage system for cloud-native stateful workloads
Inclavare Containers
A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem.
Inspektor Gadget
Open source eBPF debugging and data collection tool for Kubernetes and Linux
k3s
Lightweight Kubernetes
k8gb
A cloud native Kubernetes Global Balancer
K8sGPT
Giving Kubernetes Superpowers to everyone
K8up
Kubernetes and OpenShift Backup Operator
Kanister
An extensible framework for application-level data management on Kubernetes
KCL
A constraint-based record & functional language mainly used in configuration and policy scenarios.
kcp
Kubernetes-like control planes for form-factors and use-cases beyond Kubernetes and container workloads.
Kepler
Kepler (Kubernetes-based Efficient Power Level Exporter) uses eBPF to probe energy related system stats and exports as Prometheus metrics.
Keylime
Bootstrap & Maintain Trust on the Edge / Cloud and IoT.
ko
Build and deploy Go applications
Konveyor
Konveyor Operator fully manages the deployment and life cycle of Konveyor (formerly Tackle) on Kubernetes and OpenShift.
Koordinator
QoS based scheduling system for hybrid orchestration workloads on Kubernetes, bringing workloads the best layout and status.
kpt
Automate Kubernetes Configuration Editing
Krkn
Chaos testing tool for Kubernetes to identify bottlenecks and improve resilience and performance under failure conditions.
Kuadrant
Kuadrant combines Gateway API and Istio-based gateway controllers to enhance application connectivity. It enables platform engineers and application developers to easily connect, secure, and protect their services and infrastructure across multiple clusters with policies for TLS, DNS, application authentication & authorization, and rate limiting.
Kuasar
A multi-sandbox container runtime that provides cloud-native, all-scenario multiple sandbox container solutions.
Kube-burner
Kubernetes performance and scale test orchestration framework written in golang
Kube-OVN
A Bridge between SDN and Cloud Native (Project under CNCF)
kube-rs
kube-rs is the core Rust ecosystem for building applications against Kubernetes
kube-vip
Kubernetes Virtual IP and Load-Balancer for both control plane and Kubernetes services
Kubean
Product ready cluster lifecycle management toolchains based on kubespray and other cluster LCM engines.
KubeArmor
Runtime protection for Kubernetes & other cloud workloads. KubeArmor provides an observability and policy enforcement system to restrict any unwanted, malicious behaviour of cloud-native workloads at runtime.
KubeClipper
Manage kubernetes in the most light and convenient way.
KubeDL
Run your deep learning workloads on Kubernetes more easily and efficiently.
Kuberhealthy
A Kubernetes operator for running synthetic checks as pods. Works great with Prometheus!
Kubescape
Kubescape is an open source security and compliance platform that scans clusters, Kubernetes manifest files (YAML files, and Helm charts), code repositories, container registries and images. It detects misconfigurations according to frameworks such as the NSA-CISA, MITRE ATT&CK® and CIS, as well as software vulnerabilities, and calculates risk scores.
KubeSlice
Multi-Cloud, Multi-Cluster Service Connectivity with Application Slices.
KubeStellar
KubeStellar - a flexible solution for challenges associated with multi-cluster configuration management for edge, multi-cloud, and hybrid cloud
Kubewarden
Kubewarden is a Policy Engine powered by WebAssembly policies. Its policies can be written in CEL, Rego (OPA & Gatekeeper flavours), Rust, Go, YAML, and others. Kubewarden simplifies Policy-As-Code by allowing policy authors and consumers to use their preferred tooling and stack, develop and test policies out of cluster.
KUDO
Kubernetes Universal Declarative Operator (KUDO)
Kuma
🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.
Kured
Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS
Lima
Linux virtual machines, typically on macOS, for running containerd
Logging Operator (Kube Logging)
Logging operator for Kubernetes
LoxiLB
eBPF based cloud-native load-balancer. Powering Kubernetes|Edge|5G|IoT|XaaS Apps.
Merbridge
Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge.
Meshery
Meshery, the cloud native manager
MetalLB
A network load-balancer implementation for Kubernetes using standard routing protocols
Metal³
Bare metal host provisioning integration for Kubernetes
Microcks
The open source, cloud native tool for API Mocking and Testing. Microcks is a Cloud Native Computing Foundation sandbox project 🚀
Network Service Mesh
CNCF is an open source software foundation that hosts and nurtures projects like Kubernetes and Prometheus.
Nocalhost
Nocalhost is Cloud Native Dev Environment.
Open Cluster Management
Core APIs for open cluster management
Open Policy Containers
A docker-inspired CLI for building, tagging, pushing, pulling, and signing OPA policies to and from OCI-compliant registries.
OpenCost
OpenCost provides visibility into current and historical Kubernetes spend and resource allocation.
OpenELB
Load Balancer Implementation for Kubernetes in Bare-Metal, Edge, and Virtualization
OpenFGA
OpenFGA is a high performance and flexible authorization/permission system built for developers and inspired by Google Zanzibar
OpenFunction
Cloud Native Function-as-a-Service Platform (CNCF Sandbox Project)
openGemini
openGemini is an open source distributed time series DBMS with high concurrency, high performance, and high scalability, focusing on the storage and analysis of massive observability data.
OpenGitOps
Repository for top-level information about the OpenGitOps project
OpenYurt
An open platform that extends your native Kubernetes to the edge.
ORAS
OCI registry client - managing content like artifacts, images, packages
OSCAL-COMPASS
The OSCAL COMPASS project is a set of tools that enable the creation, validation, and governance of documentation artifacts for compliance needs. It leverages NIST's OSCAL (Open Security Controls Assessment Language) as a standard data format for interchange between tools and people, and provides an opinionated approach to OSCAL SDK and adoption by policy engines.
Paralus
Paralus is a free, open source tool that enables controlled, audited access to Kubernetes infrastructure and Zero trust Kubernetes with zero friction.
Parsec
Platform AbstRaction for SECurity service
Perses
Perses is a dashboard tool to visualize observability data from Prometheus/Thanos/Jaeger.
PipeCD
GitOps style continuous delivery platform that provides consistent deployment and operations experience for any applications
Piraeus Datastore
The Piraeus Operator manages LINSTOR clusters in Kubernetes.
Pixie
Open source Kubernetes observability for developers
Porter
Porter enables you to package your application artifact, client tools, configuration and deployment logic together as an installer that you can distribute, and install with a single command.
Pravega
Pravega - Streaming as a new software defined storage primitive
Radius
Radius is a cloud-native application platform that enables developers and the platform engineers that support them to collaborate on delivering and managing cloud-native applications that follow organizational best practices for cost, operations and security, by default.
Ratify
A verification engine on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies you create.
SchemaHero
A Kubernetes operator for declarative database schema management (gitops for database schemas)
Score
Score is an open-source workload specification designed to simplify development for cloud-native developers.
sealer
Build, Share and Run Both Your Kubernetes Cluster and Distributed Applications (Project under CNCF)
Serverless Devs
Serverless Devs developer tool
Serverless Workflow
Contains the official specification for the Serverless Workflow Domain Specific Language. It provides detailed guidelines and standards for defining, executing, and managing workflows in serverless environments, ensuring consistency and interoperability across implementations.
Service Mesh Performance
Standardizing Cloud Native Value Measurement
Shipwright
Shipwright - a framework for building container images on Kubernetes
Skooner
Simple Kubernetes real-time dashboard and management.
SlimToolkit
Inspect, Optimize and Debug Your Containers
SOPS
sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
Spiderpool
Spiderpool is the underlay and RDMA network solution of the Kubernetes, for bare metal, VM and public cloud
Stacker
Stacker is a tool for building OCI images and related artifacts such as SBOMs natively via a declarative yaml format.
Submariner
Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on-premises or in the cloud.
SuperEdge
An edge-native container management system for edge computing
Telepresence
Local development against a remote Kubernetes or OpenShift cluster
Teller
Cloud native secrets management for developers - never leave your command line for secrets.
Tinkerbell
Workflow Engine for provisioning Bare Metal
Tremor
Main Tremor Project Rust Codebase
Trickster
Open Source HTTP Reverse Proxy Cache and Time Series Dashboard Accelerator
Vineyard
Vineyard (v6d) is an in-memory immutable data manager.
Virtual Kubelet
Virtual Kubelet is an open source Kubernetes kubelet implementation.
Visual Studio Code Kubernetes Tools
The extension for developers building applications to run in Kubernetes clusters and for DevOps staff troubleshooting Kubernetes applications.
wasmCloud
wasmCloud is an open source Cloud Native Computing Foundation (CNCF) project that enables teams to build, manage, and scale polyglot apps across any cloud, K8s, or edge.
WasmEdge Runtime
WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices.
werf
werf is a solution for implementing efficient and consistent software delivery to Kubernetes. It covers the entire CI/CD lifecycle and all related artifacts, glues commonly used tools (Git, Docker/Buildah, Helm, K8s) and facilitates best practices.
Xline
Xline is a high-performance geo-distributed metadata management system, which is compatible with the ETCD interface.
zot
Zot is an OCI-native container registry for distributing container images and OCI artifacts.
Non-code Projects
Cloud Native Glossary
“The Cloud Native Glossary is a project led by the CNCF Business Value Subcommittee. Its goal is to explain cloud native concepts in clear and simple language without requiring any previous technical knowledge.” - Cloud Native Glossary
- Project Repository: https://github.com/cncf/glossary
- Contributor Guide: https://glossary.cncf.io/contribute/
- Chat: CNCF Slack: #glossary and #glossary-localizations in cloudnative.slack.com
- License: Apache 2.0 license. Documentation is distributed under CC BY 4.0.
Archived Projects
Brigade
Event-driven scripting for Kubernetes
Curiefense
Curiefense is a unified, open source platform protecting cloud native applications.
Fonio
Data first monitoring agent using (e)BPF, built on RedBPF
Krator
Kubernetes Rust State Machine Operator
Krustlet
Kubernetes Rust Kubelet
Open Service Mesh
Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.
OpenEBS
Most popular & widely deployed Open Source Container Native Storage platform for Stateful Persistent Applications on Kubernetes.
OpenMetrics
Evolving the Prometheus exposition format into a standard.
OpenTracing
OpenTracing API for Go. 🛑 This library is DEPRECATED! https://github.com/opentracing/specification/issues/163
rkt
[Project ended] rkt is a pod-native container engine for Linux. It is composable, secure, and built on standards.
Service Mesh Interface (SMI)
Service Mesh Interface