Cloud Native

Projects

kubeadm vs kops:

Metal3 (https://metal3.io/): to provision bare-metal hosts.
- Dependencies: Metal3 -> OpenStack Ironic -> PXE
- Ironic (https://ironicbaremetal.org/) is responsible for provisioning the bare-metal server, Metal3 just provides a k8s API. (similar to ceph vs rook)
- The Metal3 baremetal operator watches for BareMetalHost objects
- PXE (Preboot Execution Environment) boot: to install a fresh OS on new or malfunctioning computers. On the client side it requires only a PXE-capable network interface controller (NIC), for operating system booting, installation and deployment in data centers.

[CNCF Graduated] Harbor: container registry. Since version 1.6.0 Harbor is now a composite cloud-native registry which supports both container image management and Helm charts management.
[CNCF Graduated] Helm: the package manager for k8s. (similar to npm for node.)

[CNCF Graduated] etcd: key-value store, used by k8s.
[CNCF Graduated] Vitess: horizontally scale MySQL
[CNCF Graduated] TiKV: distributed transactional key-value db, in Rust
[CNCF Graduated] Rook: orchestrating Ceph on top of k8s; Ceph: a distributed fs.

[CNCF Graduated] Prometheus: monitoring
[CNCF Graduated] Jaeger: tracing
[CNCF Incubating] OpenTelemetry: tracing. Merging OpenCensus and OpenTracing.
[CNCF Graduated] Fluentd / Fluentbit: push logs
- Fluentd: written in Ruby, built as a Rube Gem, uses more memory.
- Fluent Bit: written in C, 0 dependencies, much smaller. A CNCF Sub-Project Under The Umbrella Of Fluentd.
Grafana: view logs
Grafana Loki: store logs

3 areas: image security, runtime security, policy management.

[CNCF Graduated] TUF: a framework, various tools implement this spec
[CNCF Incubating] Notary: an implementation of the TUF spec. Docker uses Notary behind the scenes.
[CNCF Graduated] OPA: use the same policy language, model, API for all cloud native projects.
[CNCF Incubating] Falco: container runtime security, parses Linux system calls from the kernel.

[CNCF Incubating] CNI: the interface
Cilium
Calico
Flannel
[CNCF Graduated] CoreDNS
[CNCF Incubating] Cilium: eBPF-based Networking, Observability, Security. https://cilium.io/
[K8S SIG] External DNS: NOT a DNS server itself, but merely configures other DNS providers accordingly, e.g. AWS Route 53 or Google Cloud DNS.
- https://github.com/kubernetes-sigs/external-dns

Injects sidecar config into the YAML.

[CNCF Graduated] Argo
Prow: a Kubernetes-native CI/CD system. https://github.com/kubernetes/test-infra/tree/master/prow
[CNCF Graduated] flux

Quarkus: an alternative to spring boot. Java based. Better performance, Container First, kubernetes native, microservice first. Quarkus brings immutability to containers, faster startup, and more predictability.

[CNCF Incubating] cert-manager is the de facto standard for X.509 certificates in Kubernetes environments. cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. https://github.com/cert-manager/cert-manager
step-ca: an online Certificate Authority (CA) for secure, automated X.509 and SSH certificate management.

[CNCF Incubating] Knative: https://knative.dev/.

Kubernetes-based platform to deploy and manage modern serverless workloads.

Serverless users are afraid of vendor lock-in, so Knative is created to make serverless standardized and portable.

Knative is the open source version
Google Cloud Run is an internal implementation of the same Knative Serving API, running on Google's internal infrastruction (i.e. on borg, not on k8s).
Google Cloud Run for Anthos (now reborn as Knative serving under GKE Enterprise) is using the open source Knative running on k8s (GKE)

The Linux Foundation vs CNCF: The Linux Foundation is the parent of CNCF. CNCF is one of the LF’s largest sub-foundations.

Most of these projects are hosted in CNCF; some are directly under LF; some are independent.