Cloud Native

Last Updated: 2024-01-21

Projects

kubectl
kubeadm: it cares only about bootstrapping, not about provisioning machines. Likewise, installing various nice-to-have addons, like the Kubernetes Dashboard, monitoring solutions, and cloud-specific addons, is not in scope. Used by other tools like minikube, kind, etc.
- kubeadm init to bootstrap a Kubernetes control-plane node
- kubeadm join to bootstrap a Kubernetes worker node and join it to the cluster
- kubeadm upgrade to upgrade a Kubernetes cluster to a newer version; Perform the upgrade of etcd by default.
kops
kube-ps1: change bash prompt export '$(kube-ps1)'$PS1
kubens: work with namespaces
k9s: https://k9scli.io/
krew: a plugin manager, Extend kubectl with plugins.
The KUbernetes Test TooL (kuttl): https://kuttl.dev/

Metal3: to provision bare metal hosts. Metals -> OpenStack Ironic -> PXE
- The Metal3 baremetal operator watches for BareMetalHost (CRD) objects
- PXE (Preboot Execution Environment) boot: to install a fresh OS on new or malfunctioning computers. On the client side it requires only a PXE-capable network interface controller (NIC), for operating system booting, installation and deployment in data centers.

[CNCF Graduated] Harbor: container registry. Since version 1.6.0 Harbor is now a composite cloud-native registry which supports both container image management and Helm charts management.
[CNCF Graduated] Helm: the package manager for k8s. (similar to npm for node.)

[CNCF Graduated] etcd: key-value store, used by k8s.
[CNCF Graduated] Vitess: horizontally scale MySQL
[CNCF Graduated] TiKV: distributed transactional key-value db, in Rust
[CNCF Graduated] Rook: orchestrating Ceph on top of k8s; Ceph: a distributed fs.

[CNCF Graduated] Prometheus: monitoring
[CNCF Graduated] Jaeger: tracing
[CNCF Incubating] OpenTelemetry: tracing. Merging OpenCensus and OpenTracing.
[CNCF Graduated] Fluentd / Fluentbit: push logs
- Fluentd: written in Ruby, built as a Rube Gem, uses more memory.
- Fluent Bit: written in C, 0 dependencies, much smaller. A CNCF Sub-Project Under The Umbrella Of Fluentd.
Grafana: view logs
Grafana Loki: store logs

3 areas: image security, runtime security, policy management.

[CNCF Graduated] TUF: a framework, various tools implement this spec
[CNCF Incubating] Notary: an implementation of the TUF spec. Docker uses Notary behind the scenes.
[CNCF Graduated] OPA: use the same policy language, model, API for all cloud native projects.
[CNCF Incubating] Falco: container runtime security, parses Linux system calls from the kernel.

[CNCF Incubating] CNI: the interface
Cilium
Calico
Flannel
[CNCF Graduated] CoreDNS
[CNCF Incubating] Cilium: eBPF-based Networking, Observability, Security. https://cilium.io/
[K8S SIG] External DNS: NOT a DNS server itself, but merely configures other DNS providers accordingly, e.g. AWS Route 53 or Google Cloud DNS.
- https://github.com/kubernetes-sigs/external-dns

Injects sidecar config into the YAML.

[CNCF Graduated] Argo
Prow: a Kubernetes-native CI/CD system. https://github.com/kubernetes/test-infra/tree/master/prow
[CNCF Graduated] flux

Quarkus: an alternative to spring boot. Java based. Better performance, Container First, kubernetes native, microservice first. Quarkus brings immutability to containers, faster startup, and more predictability.

[CNCF Incubating] cert-manager is the de facto standard for X.509 certificates in Kubernetes environments. cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. https://github.com/cert-manager/cert-manager
step-ca: an online Certificate Authority (CA) for secure, automated X.509 and SSH certificate management.

The Linux Foundation vs CNCF: The Linux Foundation is the parent of CNCF. CNCF is one of the LF’s largest sub-foundations.

Most of these projects are hosted in CNCF; some are directly under LF; some are independent.