CNCF serves as the vendor-neutral home for many of the fastest-growing projects on GitHub, including Kubernetes, Prometheus and Envoy, fostering collaboration
between the industry’s top developers, end users, and vendors.
What is CNCF?
CNCF is an open source software foundation dedicated to making cloud native computing universal and sustainable. Cloud native computing uses an open source software stack to deploy applications as microservices, packaging each part into its own container, and dynamically orchestrating those containers to optimize resource utilization. Cloud native technologies enable software developers to build great products faster.
We host and nurture components of cloud native software stacks, including Kubernetes, Prometheus and Envoy. Kubernetes and other CNCF projects are some of the highest velocity projects in the history of open source. We are regularly adding new projects to better support a full stack cloud native environment.
Kubernetes is the world’s most popular container-orchestration platform and the first CNCF project. Kubernetes helps users build, scale and manage modern applications and their dynamic lifecycles. First developed at Google, Kubernetes now counts more than 2,300 contributors and is used by some of the world’s most-innovative companies, across a wide range of industries. The cluster scheduler capability lets developers build cloud native applications, while focusing on code rather than ops. Kubernetes future-proofs application development and infrastructure management on-premises or in the cloud, without vendor or cloud-provider lock-in.
Prometheus delivers real-time monitoring, alerting and time-series database capabilities (including powerful queries and visualizations) for cloud native applications, and integrates with many popular open source tools for data import/export. It is already the de facto standard for monitoring container-based infrastructure, and continues to add major features as user requirements mature. Prometheus provides needed visibility into and troubleshooting for cloud native architectures, including Kubernetes and other next-generation components.
Envoy is a service mesh originally created at Lyft, and now used inside companies including Google, Apple, Netflix and more. Envoy is written in C++ and designed to minimize memory and CPU footprint, while providing capabilities such as load balancing and deep observability of network, tracing and database activity in microservices environments.
CoreDNS is a DNS server optimized for performance, flexibility and service discovery requirements of cloud native environments. CoreDNS is the successor to SkyDNS, written in Go. It includes a wide variety of capabilities, including Kubernetes support and monitoring via Prometheus, and emphasizes plugins to add new capabilities or compile a pared-down implementation. DNS is a critical part of cloud native or microservice-based architectures, which can include hundreds or thousands of individual services, containers and other endpoints. CoreDNS was designed to support these architectures, as well as to easily support new functionality as requirements mature.
Containerd is an industry-standard container runtime developed by Docker and based on the Docker Engine runtime. Containerd creates choice in the container ecosystem by providing a runtime that can manage Docker and OCI container images as part of new platforms or products. Containerd is meant to be integrated directly into third-party software products and projects (e.g., Kubernetes), providing foundational capabilities around the container lifecycle. It provides primitives for a number of fundamental container lifecycle processes, leaving developers free to innovate at higher levels.
Fluentd is a unified logging tool that collects data from any number of sources (including databases, application servers and end-user devices) and works with numerous alerting, analytics and storage options. Fluentd helps users better understand what’s happening in their environments by providing a unified layer for collecting, filtering, and routing log data among many popular sources and destinations. Fluentd makes log analysis easier by providing a unified platform for collecting, structuring (in JSON, if possible) and exporting data. It utilizes a pluggable architecture to simplify the addition of new data sources (e.g., connected devices) and backend systems (e.g., cloud storage and databases) as they come online, and is integrated into popular products from Atlassian, Microsoft and other software vendors.
Tracing is a critical part of a microservice-based environment, in order to track behavior of requests that span multiple services. OpenTracing is a distributed tracing API that works across a wide variety of popular open source and commercial tracing tools. The OpenTracing API makes it possible to monitor microservice interactions using, or switching between, popular tools such as Jaeger, Zipkin, DataDog and more. It’s the product of a community effort by engineers at LightStep, Red Hat, Uber and other companies, which gives developers a single tool for accurate tracing even in heterogeneous environments.
gRPC is a high-performance RPC (Remote Procedure Call) framework developed by Google and optimized for the large-scale, multi-platform nature of cloud native computing environments connecting services across languages, clouds and data centers, and connecting mobile devices to backend servers. gRPC supports 10 popular languages and is used by some of the world’s leading businesses, technology vendors and universities. gRPC improves latency of remote calls in distributed computing environments, while supporting polyglot programming and including client libraries for iOS and Android, as well as backend servers.
Rkt is a viable alternative to the Docker container engine, originally created by CoreOS, designed for maximum composability and to manage collections of containers called pods. Rkt does not utilize a daemon to manage containers, but instead launches containers directly from the command line. It is optimized for security and integration with other open source container technologies and standards.
The Container Networking Interface (CNI) project was created by a collection of industry organizations in order to standardize the basic network interface for containers inside cloud native environments. CNI gives developers the freedom to build applications across multiple container runtimes while experiencing a consistent networking API. CNI advances the state of container networking by standardizing basic functions like the addition and deletion of container resources across common runtimes (including Kubernetes, Rkt, Mesos and Cloud Foundry) and actively supporting advanced network capabilities via third-party plugins.
Jaeger is a distributed tracing system developed by Uber to monitor its large microservices environment, and is now used by a collection of companies including Red Hat, SeatGeek and Under Armour. Jaeger was designed to be highly scalable and available, and provides native support for the OpenTracing standard and numerous storage backends. It features a modern UI and is designed to integrate with cloud native systems such as OpenTracing, Kubernetes and Prometheus.
Originally created by Docker, Notary is an implementation of TUF (another CNCF project) designed to establish trust over digital content via strong cryptography. Notary does this by ensuring software is coming from the expected source, and that it has not been altered by anybody except its author. It gives developers a cryptographic tool to verify the provenance of containers and their content.
The Update Framework (TUF) is a specification for securing software-update systems against attacks that occur during updates or initial installations. TUF was originally developed by the NYU School of Engineering and has been integrated into enterprise software products developed by Docker and VMware, among others. TUF uses cryptographic keys to help protect against known exploits during software installation or updates, by ensuring users are installing the files they intend to install. TUF is integrated as part of the software development process, rather than as a standalone cybersecurity tool.
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. By encapsulating shard-routing logic, Vitess allows application code and database queries to remain agnostic to the distribution of data onto multiple shards. With Vitess, you can even split and merge shards as your needs grow, with an atomic cutover step that takes only a few seconds. Vitess has been a core component of YouTube’s database infrastructure since 2011, and has grown to encompass tens of thousands of MySQL nodes. It’s architected to run as effectively in a public or private cloud architecture as it does on dedicated hardware. It combines and extends many important MySQL features with the scalability of a NoSQL database.
NATS is a simple, high performance open source messaging system for cloud native applications, IoT messaging, and microservices architectures. It implements the publish/subscribe, request/reply and distributed queue patterns to help create a performant and secure method of InterProcess Communication (IPC). Simplicity, performance, scalability and security are the core tenets of NATS.
Helm is a package manager that provides an easy way to find, share, and use software built for Kubernetes. It removes complexity from configuration and deployment, and enables greater developer productivity. Helm addresses a common user need of deploying applications to Kubernetes by making their configurations reusable. Helm’s packaging format, called charts, is a collection of files that describe a related set of Kubernetes resources. Charts are created as files laid out in a particular directory tree, which can then be packaged into versioned archives to be deployed.
Rook is an open source orchestrator for distributed storage systems running in cloud native environments. Rook turns distributed storage software into self-managing, self-scaling, and self-healing storage services. It does this by automating deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management. Rook uses the facilities provided by the underlying cloud-native container management, scheduling and orchestration platform to perform its duties. Rook is currently in alpha state and has focused initially on orchestrating Ceph on top of Kubernetes. Ceph is a distributed storage system that provides file, block and object storage and is deployed in large scale production clusters.
Harbor is an open source cloud native registry that stores, signs, and scans container images for vulnerabilities. Harbor solves common challenges by delivering trust, compliance, performance, and interoperability. It fills a gap for organizations and applications that cannot use a public or cloud-based registry or want a consistent experience across clouds. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity, and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries and also offers advanced security features such as user management, access control, and activity auditing.
etcd is a distributed reliable key-value store for the most critical data of a distributed system, with a focus on being simple, secure, fast, and reliable. etcd is written in Go and uses the Raft consensus algorithm to manage a highly-available replicated log.
Open Policy Agent (OPA) is a lightweight general-purpose policy engine that can be co-located with your service. You can integrate OPA as a sidecar, host-level daemon, or library.
Services offload policy decisions to OPA by executing queries. OPA evaluates policies and data to produce query results (which are sent back to the client). Policies are written in a high-level declarative language and can be loaded into OPA via the filesystem or well-defined APIs.
CRI-O is an implementation of the Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a lightweight alternative to using Docker as the runtime for Kubernetes. It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running pods. Today it supports runc and Clear Containers as the container runtimes, but in principle any OCI-conformant runtime can be plugged in.
News and Customer Testimonials
The revolving door of hosted projects within the Cloud Native Computing Foundation continued to turn this week as the organization welcomed in a new incubated project and saw one of...
Red Hat’s Container Runtime Interface — Orchestrator (CRI-O) — is now a CNCF incubation level project.
Red Hat-initiated CRI-O, an OCI-based (Open Container Initiative) implementation of the Kubernetes Container Runtime Interface, is the latest project voted into the ranks of the Cloud Native Computing Foundation....
News and Community Testimonials
Fluentd has become the sixth project to graduate from the Cloud Native Computing Foundation (CNCF), following in the footsteps of Kubernetes, Prometheus, Envoy, CoreDNS and containerd.
CNCF hosts the biggest open source and cloud native event in China featuring talks from Alibaba, Baidu, Huawei, Tencent and Yahoo! Japan, Adds Open Source Summit from the Linux Foundation
CNCF has over 375 members including the world’s largest public cloud and enterprise software companies as well as dozens of innovative startups. The shifts in cloud computing, applications, and data have changed the technology and business conversation from just “How are you reducing my costs?” to also “How are you accelerating my business?” Join your industry peers in helping build and shape the cloud native ecosystem, its use cases and applications.
“Having certifications and foundation membership helps our customers know that we have passed many filters established by a rock-solid community of cloud native companies, developers, and enthusiasts. That helps our business. And as an open source consumer, we have a responsibility to support CNCF.”
Mark Brandon, CEO and Co-Founder of Qbox.
The success of CNCF is due to the contributions and support of our developer community and member companies. Learn how your organization can help sustain our projects.
End User Community
CNCF’s End User Community is growing and made up of 50+ top companies and startups that are committed to accelerating the adoption of cloud-native technologies and improving the deployment experience. Sam Lambert of GitHub is the End User representative to the Technical Oversight Committee.
Events and Webinars
Date: Tuesday, April 23, 2019 - 5:00 pm
Training & Certification
Adopting new technology can be challenging, especially when it’s hard to find qualified people. The CNCF offers training and certification for key CNCF technologies like Kubernetes to ensure that organizations can train their own employees or hire from a strong body of experienced talent.
We offer a free Kubernetes Massively Open Online Course (MOOC) through our partnership with edX, and self-paced and instructor-led Kubernetes training. We also offer the official Certified Kubernetes Administrator certification to ensure a high level of expertise in the ecosystem.
KubeCon + CloudNativeCon 2018 Community
Don’t miss your chance to engage with the growing community at KubeCon + CloudNativeCon China, being held November 13-15, 2018 in Shanghai or at KubeCon + CloudNativeCon North America, being held December 10-13, 2018 in Seattle!