Sustaining and Integrating Open Source Technologies

The Cloud Native Computing Foundation builds sustainable ecosystems and fosters
a community around a constellation of high-quality projects that orchestrate
containers as part of a microservices architecture.

CNCF serves as the vendor-neutral home for many of the fastest-growing projects on GitHub, including Kubernetes, Prometheus and Envoy, fostering collaboration
between the industry’s top developers, end users, and vendors.

What is CNCF?

CNCF is an open source software foundation dedicated to making cloud native computing universal and sustainable. Cloud native computing uses an open source software stack to deploy applications as microservices, packaging each part into its own container, and dynamically orchestrating those containers to optimize resource utilization. Cloud native technologies enable software developers to build great products faster.



We host and nurture components of cloud native software stacks, including Kubernetes, Prometheus and Envoy. Kubernetes and other CNCF projects are some of the highest velocity projects in the history of open source. We are regularly adding new projects to better support a full stack cloud native environment.

Kubernetes is the world’s most popular container-orchestration platform and the first CNCF project. Kubernetes helps users build, scale and manage modern applications and their dynamic lifecycles. First developed at Google, Kubernetes now counts more than 2,300 contributors and is used by some of the world’s most-innovative companies, across a wide range of industries. The cluster scheduler capability lets developers build cloud native applications, while focusing on code rather than ops. Kubernetes future-proofs application development and infrastructure management on-premises or in the cloud, without vendor or cloud-provider lock-in.

Visit Project Website

Prometheus delivers real-time monitoring, alerting and time-series database capabilities (including powerful queries and visualizations) for cloud native applications, and integrates with many popular open source tools for data import/export. It is already the de facto standard for monitoring container-based infrastructure, and continues to add major features as user requirements mature. Prometheus provides needed visibility into and troubleshooting for cloud native architectures, including Kubernetes and other next-generation components.

Visit Project Website

Envoy is a service mesh originally created at Lyft, and now used inside companies including Google, Apple, Netflix and more. Envoy is written in C++ and designed to minimize memory and CPU footprint, while providing capabilities such as load balancing and deep observability of network, tracing and database activity in microservices environments.

Visit Project Website

CoreDNS is a DNS server optimized for performance, flexibility and service discovery requirements of cloud native environments. CoreDNS is the successor to SkyDNS, written in Go. It includes a wide variety of capabilities, including Kubernetes support and monitoring via Prometheus, and emphasizes plugins to add new capabilities or compile a pared-down implementation. DNS is a critical part of cloud native or microservice-based architectures, which can include hundreds or thousands of individual services, containers and other endpoints. CoreDNS was designed to support these architectures, as well as to easily support new functionality as requirements mature.

Visit Project Website

Containerd is an industry-standard container runtime developed by Docker and based on the Docker Engine runtime. Containerd creates choice in the container ecosystem by providing a runtime that can manage Docker and OCI container images as part of new platforms or products. Containerd is meant to be integrated directly into third-party software products and projects (e.g., Kubernetes), providing foundational capabilities around the container lifecycle. It provides primitives for a number of fundamental container lifecycle processes, leaving developers free to innovate at higher levels.

Visit Project Website

Fluentd is a unified logging tool that collects data from any number of sources (including databases, application servers and end-user devices) and works with numerous alerting, analytics and storage options. Fluentd helps users better understand what’s happening in their environments by providing a unified layer for collecting, filtering, and routing log data among many popular sources and destinations. Fluentd makes log analysis easier by providing a unified platform for collecting, structuring (in JSON, if possible) and exporting data. It utilizes a pluggable architecture to simplify the addition of new data sources (e.g., connected devices) and backend systems (e.g., cloud storage and databases) come online, thanks to its unified platform and pluggable architecture and is integrated into popular products from Atlassian, Microsoft and other software vendors.

Visit Project Website

Tracing is a critical part of a microservice-based environment, in order to track behavior of requests that span multiple services. OpenTracing is a distributed tracing API that works across a wide variety of popular open source and commercial tracing tools. The OpenTracing API makes it possible to monitor microservice interactions using, or switching between, popular tools such as Jaeger, Zipkin, DataDog and more. It’s the product of a community effort by engineers at LightStep, Red Hat, Uber and other companies, which gives developers a single tool for accurate tracing even in heterogeneous environments.

Visit Project Website

gRPC is a high-performance RPC (Remote Procedure Call) framework developed by Google and optimized for the large-scale, multi-platform nature of cloud native computing environments connecting services across languages, clouds and data centers, and connecting mobile devices to backend servers. gRPC supports 10 popular languages and is used by some of the world’s leading businesses, technology vendors and universities. gRPC improves latency of remote calls in distributed computing environments, while supporting polyglot programming and including client libraries for iOS and Android, as well as backend servers.

Visit Project Website

Rkt is a viable alternative to Docker container engine, originally created by CoreOS, designed for maximum composability and to manage collections of containers called pods. Rkt does not utilize a daemon to manage containers, but instead launches containers directly from the command line. It is optimized for security and integration with other open source container technologies and standards.

Visit Project Website

The Container Networking Interface (CNI) project was created by a collection of industry organizations in order to standardize the basic network interface for containers inside cloud native environments. CNI gives developers the freedom to build applications across multiple container runtimes while experiencing a consistent networking API. CNI advances the state of container networking by standardizing basic functions like the addition and deletion of container resources across common runtimes (including Kubernetes, Rkt, Mesos and Cloud Foundry) and actively supporting advanced network capabilities via third-party plugins.

Visit Project Website

Jaeger is a distributed tracing system developed by Uber to monitor its large microservices environment, and is now used a collection of companies including Red Hat, SeatGeek and Under Armour. Jaeger was designed to be highly scalable and available, and provides native support for the OpenTracing standard and numerous storage backends. It features a modern UI and is designed to integrate with cloud native systems such as OpenTracing, Kubernetes and Prometheus.

Visit Project Website

Originally created by Docker, Notary is an implementation of TUF (another CNCF project) designed to establish trust over digital content via strong cryptography. Notary does this by ensuring software is coming from the expected source, and that it has not been altered by anybody except its author. It gives developers a cryptographic tool to verify the provenance of containers and their content.

Visit Project Website

The Update Framework (TUF) is a specification for securing software-update systems against attacks that occur during updates or initial installations. TUF was originally developed by the NYU School of Engineering and has been integrated into enterprise software products developed by Docker and VMware, among others. TUF uses cryptographic keys to help protect against known exploits during software installation or updates, by ensuring users are installing the files they intend to install. TUF is integrated as part of the software development process, rather than as a standalone cybersecurity tool.

Visit Project Website

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. By encapsulating shard-routing logic, Vitess allows application code and database queries to remain agnostic to the distribution of data onto multiple shards. With Vitess, you can even split and merge shards as your needs grow, with an atomic cutover step that takes only a few seconds. Vitess has been a core component of YouTube’s database infrastructure since 2011, and has grown to encompass tens of thousands of MySQL nodes.It’s architected to run as effectively in a public or private cloud architecture as it does on dedicated hardware. It combines and extends many important MySQL features with the scalability of a NoSQL database.

Visit Project Website

NATS is a simple, high performance open source messaging system for cloud native applications, IoT messaging, and microservices architectures. It implements the publish/subscribe, request/reply and distributed queue patterns to help create a performant and secure method of InterProcess Communication (IPC). Simplicity, performance, scalability and security are the core tenets of NATS.

Visit Project Website

Linkerd is a cloud-native service mesh built on top of Netty and Finagle, tools built by Twitter to manage its expansive microservices environment making it scalable to tens of thousands of requests per second. Linkerd provides a separate proxy layer through which distributed application services can communicate with each other to handle tasks such as load balancing, routing and TLS. It helps ease the transition to, and operation of, cloud native architectures by managing the interactions among microservices in order to ensure application performance.

Visit Project Website

Helm is a package manager that provides an easy way to find, share, and use software built for Kubernetes. It removes complexity from configuration and deployment, and enables greater developer productivity. Helm addresses a common user need of deploying applications to Kubernetes by making their configurations reusable. Helm’s packaging format, called charts, is a collection of files that describe a related set of Kubernetes resources. Charts are created as files laid out in a particular directory tree, which can then be packaged into versioned archives to be deployed.

Visit Project Website

Rook is an open source orchestrator for distributed storage systems running in cloud native environments.Rook turns distributed storage software into a self-managing, self-scaling, and self-healing storage services. It does this by automating deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management. Rook uses the facilities provided by the underlying cloud-native container management, scheduling and orchestration platform to perform its duties. Rook is currently in alpha state and has focused initially on orchestrating Ceph on-top of Kubernetes. Ceph is a distributed storage system that provides file, block and object storage and is deployed in large scale production clusters.

Visit Project Website

Harbor is an open source cloud native registry that stores, signs, and scans container images for vulnerabilities. Harbor solves common challenges by delivering trust, compliance, performance, and interoperability. It fills a gap for organizations and applications that cannot use a public or cloud-based registry or want a consistent experience across clouds. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity, and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries and also offers advanced security features such as user management, access control, and activity auditing.

Visit project website

etcd is a distributed reliable key-value store for the most critical data of a distributed system, with a focus on being simple, secure, fast, and reliable. etcd is written in Go and uses the Raft consensus algorithm to manage a highly-available replicated log.

Visit project website

Open Policy Agent (OPA) is a lightweight general-purpose policy engine that can be co-located with your service. You can integrate OPA as a sidecar, host-level daemon, or library.

Services offload policy decisions to OPA by executing queries. OPA evaluates policies and data to produce query results (which are sent back to the client). Policies are written in a high-level declarative language and can be loaded into OPA via the filesystem or well-defined APIs.

Visit project website

CRI-O is an implementation of the Kubernetes CRI (Container Runtime Interface) to enable using OCI (Open Container Initiative) compatible runtimes. It is a lightweight alternative to using Docker as the runtime for kubernetes. It allows Kubernetes to use any OCI-compliant runtime as the container runtime for running pods. Today it supports runc and Clear Containers as the container runtimes but any OCI-conformant runtime can be plugged in principle.

Visit project website

TiKV (“Ti” stands for Titanium) is an open source distributed transactional key-value database. Unlike other traditional NoSQL systems, TiKV not only provides classical key-value APIs, but also transactional APIs with ACID compliance. Built in Rust and powered by Raft, TiKV was originally created to complement TiDB, a distributed HTAP database compatible with the MySQL protocol.

Visit project website

News and Customer Testimonials

The New Stack: "Kubernetes 1.15 Aims to Extensibility with Custom Resource Definition Features"

With Kubernetes 1.14, the team moved 10 enhancements to stable, but this time around that number has dropped to two, with many more alpha and beta features being introduced. Kubernetes...

Read Now
Channel Futures: "Kubernetes 1.15 Release Gets Refinements to Ease Business Use"

The maturity of Kubernetes continues with v1.15, which arrives with custom resource definition updates and more. READ MORE

Read Now
Container Journal: "Kubernetes 1.15 Adds to API Kitty"

The release team in charge of Kubernetes today announced a 1.15 quarterly update that adds a bevy of application programming interfaces (APIs) to help make the platform even more flexible...

Read Now
View All

News and Community Testimonials

EmpowHER Reception Renamed EmpowerUs For KubeCon + CloudNativeCon Europe 2019

We’re thankful the community has supported the EmpowHER networking event opportunity for our attendees who identify as women or non-binary individuals over the past few years at KubeCon + CloudNativeCon. We received feedback last year though that it was time to evolve the name to one that more appropriately reflects the invited audience as a whole, thus EmpowHER becomes EmpowerUs moving forward.

Read Now
Cloud Native Computing Foundation Grows to More than 400 Members

The Cloud Native Computing Foundation (CNCF®), which sustains and integrates open source technologies like Kubernetes® and Prometheus™, today announced that 42 new members and end user supporters have joined the Foundation.

Read More
KubeCon + CloudNativeCon 2019 - Barcelona Recap Video
KubeCon + CloudNativeCon Barcelona 2019 recap video. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy and all of the other CNCF-hosted projects.
Watch Now
View All


CNCF has over 400 members including the world’s largest public cloud and enterprise software companies as well as dozens of innovative startups. The shifts in cloud computing, applications, and data have changed the technology and business conversation from just “How are you reducing my costs?” to also “How are you accelerating my business?” Join your industry peers in helping build and shape the cloud native ecosystem, its use cases and applications.

“Having certifications and foundation membership helps our customers know that we have passed many filters established by a rock-solid community of cloud native companies, developers, and enthusiasts. That helps our business. And as an open source consumer, we have a responsibility to support CNCF. “ 

Mark Brandon, CEO and Co-Founder of Qbox.

The success of CNCF is due to the contributions and support of our developer community and member companies. Learn how your organization can help sustain our projects.

Join Now

End User Community

CNCF’s End User Community is growing and made up of 80+ top companies and startups that are committed to accelerating the adoption of cloud-native technologies and improving the deployment experience. Sam Lambert of GitHub is the End User representative to the Technical Oversight Committee.

Learn More

Events and Webinars

Upcoming Events


Open Source Summit Japan

Date: Tuesday, June 20, 2017 - 3:00 pm

Location: Tokyo Conference Center Ariake 1 Chome-9-36 Konan, Minato
Tokyo , 108-0075 Japan

Upcoming Webinars


CNCF Webinar Series - Building Serverless Application Pipelines

Date: Tuesday, March 6, 2018 - 6:00 pm

All Events & Webinars

Training & Certification

Adopting new technology can be challenging, especially when it’s hard to find qualified people. The CNCF offers training and certification for key CNCF technologies like Kubernetes to ensure that organizations can train their own employees or hire from a strong body of experienced talent.

We offer a free Kubernetes Massively Open Online Course (MOOC) through our partnership with edX, and self-paced and instructor-led Kubernetes training. We also offer the official Certified Kubernetes Administrator certification to ensure a high level of expertise in the ecosystem.

Learn More

KubeCon + CloudNativeCon 2019 Community

Don’t miss your chance to engage with the growing community at KubeCon + CloudNativeCon China, being held June 24-26, 2019 in Shanghai or at KubeCon + CloudNativeCon North America, being held November 18-21, 2019 in San Diego!

KubeCon + CloudNativeCon 2018 Highlights

“CNCF events are without exception the smoothest (from the attendee side), highest value, and most welcoming I have attended in over thirty years of doing this.” - Roger Klorese, SUSE

Learn more about KubeCon + CloudNativeCon