CNCF Project Summary Table

The CNCF Project Summary Table provides a standardized, summary of CNCF projects.
The filters on the left side help refine your view. Start by filtering by category (e.g., orchestration and management) and then subcategory (e.g., service mesh for an overview of all available CNCF service meshes).
Project
Description
Maturity
Target Users
Tags
Use Case
Business Use
Languages
First Commit
Last Commit
Release Cadence
Github Stars
Integrations
Website
Github
Overview Video
Akri CDK for Kubernetes (CDK8s) Cloud Custodian DevStream KubeDL KubeEdge Metal3-io OpenYurt SuperEdge Tinkerbell Distribution Dragonfly Harbor zot cert-manager Confidential Containers ContainerSSH Curiefense Dex external-secrets Falco Hexa in-toto Keylime KubeArmor Kubescape Kubewarden Kyverno Notary Open Policy Agent (OPA) Open Policy Containers OpenFGA Paralus Parsec The Update Framework (TUF) Athenz SPIFFE SPIRE Teller Carina CubeFS Curve K8up Longhorn OpenEBS ORAS Piraeus Datastore Rook Vineyard containerd CRI-O Inclavare Containers Lima rkt WasmEdge Runtime Antrea Cilium CNI-Genie Container Network Interface (CNI) FabEdge Kube-OVN Network Service Mesh Submariner Armada Clusterpedia Crossplane Fluid Karmada kube-rs Kubernetes Kured Open Cluster Management Volcano wasmCloud CoreDNS etcd k8gb gRPC BFE Contour Envoy OpenELB Emissary-Ingress Aeraki Mesh Istio Kuma Linkerd Merbridge Meshery Open Service Mesh Service Mesh Interface (SMI) Service Mesh Performance SchemaHero TiKV Vitess CloudEvents NATS Pravega Strimzi Tremor Artifact Hub Backstage Buildpacks Carvel Devfile DevSpace Helm ko Konveyor Krator KubeVela KubeVirt KUDO Nocalhost Operator Framework Porter sealer Serverless Workflow Telepresence Argo Brigade Flux Keptn OpenFeature OpenGitOps OpenKruise werf k3s Serverless Devs Dapr Keda Knative Krustlet OpenFunction Virtual Kubelet Cortex Fonio Kuberhealthy OpenMetrics Pixie Prometheus Skooner Thanos Trickster Fluentd Jaeger OpenTelemetry OpenTracing Chaos Mesh Chaosblade Litmus OpenCost WasmEdge wasmCloud wasmCloud
A Kubernetes Resource Interface for the Edge Define Kubernetes native apps and abstractions using object-oriented programming Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources DevStream: the open-source DevOps toolchain manager (DTM). Run your deep learning workloads on Kubernetes more easily and efficiently. Kubernetes Native Edge Computing Framework (project under CNCF) CNCF is an open source software foundation that hosts and nurtures projects like Kubernetes and Prometheus. OpenYurt - Extending your native Kubernetes to edge(project under CNCF) An edge-native container management system for edge computing A workflow engine for provisioning bare metal. The toolkit to pack, ship, store, and deliver container content Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. An open source trusted cloud native registry project that stores, signs, and scans content. zot - A production-ready vendor-neutral OCI-native container image registry (purely based on OCI Distribution Specification) Automatically provision and manage TLS certificates in Kubernetes Documentation for the confidential containers project ContainerSSH: Launch containers on demand Curiefense is a unified, open source platform protecting cloud native applications. OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets. Cloud Native Runtime Security Hexa Policy Orchestrator enables you to manage all of your access policies consistently across software providers. in-toto is a framework to protect supply chain integrity. A CNCF Project to Bootstrap & Maintain Trust on the Edge / Cloud and IoT Cloud-native Runtime Security Enforcement System. [CNCF Sandbox Project] Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources. Manage admission policies in your Kubernetes cluster with ease Kubernetes Native Policy Management Notary is a project that allows anyone to have trust over arbitrary collections of data An open source, general-purpose policy engine. CLI for building OPA policies into OCI images A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar All-in-one Kubernetes access manager. User-level credentials, RBAC, SSO, audit logs. Platform AbstRaction for SECurity service Python reference implementation of The Update Framework (TUF) Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures. Athenz supports provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases. The SPIFFE Project The SPIFFE Runtime Environment Cloud native secrets management for developers - never leave your command line for secrets. Carina: an high performance and ops-free local storage for kubernetes CubeFS is a cloud native file storage Curve is a high-performance, lightweight-operation, cloud-native open source distributed storage system. Curve can be applied to: 1) mainstream cloud-native infrastructure platforms OpenStack and Kubernetes; 2) high-performance storage for cloud-native databases; 3) cloud storage middleware using S3-compatible object storage as a data storage. Kubernetes and OpenShift Backup Operator Cloud native distributed block storage built on and for Kubernetes Leading Open Source Container Attached Storage, built using Cloud Native Architecture, simplifies running Stateful Applications on Kubernetes. OCI registry client - managing content like artifacts, images, packages High Available Datastore for Kubernetes Open Cloud-Native Storage for Kubernetes An in-memory immutable data manager. An open and reliable container runtime Open Container Initiative-based implementation of Kubernetes Container Runtime Interface A novel container runtime, aka confidential container, for cloud-native confidential computing and enclave runtime ecosystem. Linux virtual machines, typically on macOS, for running containerd [Project ended] rkt is a pod-native container engine for Linux. It is composable, secure, and built on standards. WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices. Kubernetes networking based on Open vSwitch eBPF-based Networking, Security, and Observability CNI-Genie for choosing pod network of your choice during deployment time. Supported pod networks - Calico, Flannel, Romana, Weave Container Network Interface - networking for Linux containers Secure Edge Networking Solution Based On Kubernetes A Bridge between SDN and Cloud Native (Project under CNCF) The Hybrid/Multi-cloud IP Service Mesh Connect all your Kubernetes clusters, no matter where they are in the world. A multi-cluster batch queuing system for high-throughput workloads on Kubernetes. The Encyclopedia of Kubernetes clusters Cloud Native Control Planes Fluid, elastic data abstraction and acceleration for BigData/AI applications in cloud. (Project under CNCF) Open, Multi-Cloud, Multi-Cluster Kubernetes Orchestration Rust Kubernetes client and controller runtime Production-Grade Container Scheduling and Management Kubernetes Reboot Daemon Contains useful documentation on the OCM project. Report here if you found any issues in OCM. A Cloud Native Batch System (Project under CNCF) Project homepage. wasmCloud allows for simple, secure, distributed application development using WebAssembly actors and capability providers. CoreDNS is a DNS server that chains plugins Distributed reliable key-value store for the most critical data of a distributed system A cloud native Kubernetes Global Balancer The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#) A modern layer 7 load balancer from baidu Contour is a Kubernetes ingress controller using Envoy proxy. Cloud-native high-performance edge/middle/service proxy Load Balancer Implementation for Kubernetes in Bare-Metal, Edge, and Virtualization open source Kubernetes-native API gateway for microservices built on the Envoy Proxy Manage any layer-7 protocols in a Service Mesh. Connect, secure, control, and observe services. 🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project. Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x. Use eBPF to speed up your Service Mesh like crossing an Einstein-Rosen Bridge. Meshery, the cloud native manager Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments. Service Mesh Interface Standardizing Service Mesh Value Measurement A Kubernetes operator for declarative database schema management (gitops for database schemas) Distributed transactional key-value database, originally created to complement TiDB Vitess is a database clustering system for horizontal scaling of MySQL. CloudEvents High-Performance server for NATS.io, the cloud and edge native messaging system. Pravega - Streaming as a new software defined storage primitive Kubernetes-native data streaming powered by Apache Kafka Main Tremor Project Rust Codebase Find, install and publish Kubernetes packages Backstage is an open platform for building developer portals CLI for building apps using Cloud Native Buildpacks YAML templating tool that works on YAML structure instead of text Kube-native API for cloud development workspaces specification DevSpace - The Fastest Developer Tool for Kubernetes ⚡ Automate your deployment workflow with DevSpace and develop software directly inside Kubernetes. The Kubernetes Package Manager Build and deploy Go applications Documentation for Konveyor Community Kubernetes Rust State Machine Operator The Modern Application Platform. Kubernetes Virtualization API and runtime in order to define and manage virtual machines. Kubernetes Universal Declarative Operator (KUDO) Nocalhost is Cloud Native Dev Environment. SDK for building Kubernetes applications. Provides high level APIs, useful abstractions, and project scaffolding. Porter enables you to package your application artifact, client tools, configuration and deployment logic together as an installer that you can distribute, and install with a single command. Build, Share and Run Both Your Kubernetes Cluster and Distributed Applications (Project under CNCF) Serverless Workflow Specification Local development against a remote Kubernetes or OpenShift cluster Declarative continuous deployment for Kubernetes. Event-driven scripting for Kubernetes Open and extensible continuous delivery solution for Kubernetes. Powered by GitOps Toolkit. Cloud-native application life-cycle orchestration. Keptn automates your SLO-driven multi-stage delivery and operations & remediation of your applications. OpenFeature project community and governance Repository for top-level information about the OpenGitOps project Automated management of large-scale applications on Kubernetes (project under CNCF) A solution for implementing efficient and consistent software delivery to Kubernetes facilitating best practices. Lightweight Kubernetes :fire::fire::fire: Serverless Devs developer tool ( Serverless Devs 开发者工具 ) Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes Kubernetes-based, scale-to-zero, request-driven compute Kubernetes Rust Kubelet Cloud Native Function-as-a-Service Platform (CNCF Sandbox Project) Virtual Kubelet is an open source Kubernetes kubelet implementation. A horizontally scalable, highly available, multi-tenant, long term Prometheus. Data first monitoring agent using (e)BPF, built on RedBPF A Kubernetes operator for running synthetic checks as pods. Works great with Prometheus! Evolving the Prometheus exposition format into a standard. Instant Kubernetes-Native Application Observability The Prometheus monitoring system and time series database. Simple Kubernetes real-time dashboard and management. Highly available Prometheus setup with long term storage capabilities. A CNCF Incubating project. Open Source HTTP Reverse Proxy Cache and Time Series Dashboard Accelerator Fluentd: Unified Logging Layer (project under CNCF) CNCF Jaeger, a Distributed Tracing Platform OpenTelemetry community content OpenTracing API for Go. 🛑 This library is DEPRECATED! https://github.com/opentracing/specification/issues/163 A Chaos Engineering Platform for Kubernetes. An easy to use and powerful chaos engineering experiment toolkit.(阿里巴巴开源的一款简单易用、功能强大的混沌实验注入工具) Litmus helps SREs and developers practice chaos engineering in a Cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes is at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q Cross-cloud cost allocation models for Kubernetes workloads WasmEdge is a lightweight, high-performance, and extensible WebAssembly runtime for cloud native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices. Project homepage. wasmCloud allows for simple, secure, distributed application development using WebAssembly actors and capability providers. Project homepage. wasmCloud allows for simple, secure, distributed application development using WebAssembly actors and capability providers.
sandbox sandbox incubating sandbox sandbox incubating sandbox sandbox sandbox sandbox sandbox incubating graduated sandbox incubating sandbox sandbox sandbox sandbox sandbox incubating sandbox incubating sandbox sandbox sandbox sandbox incubating incubating graduated sandbox sandbox sandbox sandbox graduated sandbox graduated graduated sandbox sandbox incubating sandbox sandbox incubating sandbox sandbox sandbox graduated sandbox graduated incubating sandbox sandbox archived sandbox sandbox incubating sandbox incubating sandbox sandbox sandbox sandbox sandbox sandbox incubating sandbox sandbox sandbox graduated sandbox sandbox incubating sandbox graduated graduated sandbox incubating sandbox incubating graduated sandbox incubating sandbox incubating sandbox graduated sandbox sandbox sandbox sandbox sandbox sandbox graduated graduated incubating incubating sandbox sandbox sandbox sandbox incubating incubating sandbox sandbox sandbox graduated sandbox sandbox sandbox incubating incubating sandbox sandbox incubating sandbox sandbox sandbox sandbox graduated archived graduated incubating sandbox sandbox incubating sandbox sandbox sandbox incubating incubating incubating sandbox sandbox sandbox incubating sandbox sandbox incubating sandbox graduated sandbox incubating sandbox graduated graduated incubating archived incubating sandbox incubating sandbox sandbox sandbox sandbox
          Platform Engineers             SREs, Cloud Architects, Platform Engineers, DevOps Engineer, DevOps practitioners, DevSecOps practitioners SREs, Cloud Architects, Platform Engineers, DevOps Engineer, DevOps practitioners, DevSecOps practitioners Cluster administrators, developers, platform engineers           SREs, Cloud Architects, Platform Engineers, DevOps Engineer, DevOps practitioners, DevSecOps practitioners   Security teams, Developers, Tools Groups   DevSecOps,Developers,CISO,Security Admin,System Admin     Platform engineering,DevOps engineers,Security admins,Cluster admins,Policy authors             Security teams, Repository administrators, Registry administrators   Platform Engineers,Security Engineers,Developers,Architects       Cloud Architects, Developers, SREs     Kubernetes users who need persistent storage in their cluster.       SRE/ DevOps Engineers Users who are deploying data-intensive applications in cloud-native environments.           Developers, DevOps Engineers   Platform engineers, Network teams, SRE, DevOps Engineers, Security teams                                                 Developers, Platform engineers Platform Engineers, Architects SREs, DevOps Engineers, Architects SREs, DevOps Engineers, Architects, Platform Engineers SREs, DevOps, Platform Engineers, Architects, Developers SREs, DevOps Engineers, Architects             Application Developers, ML Engineers, DevOps Engineers, Architects, Platform Engineers, DBA Infrastructure teams Developers, Platform engineers     Developers and SRE/DevOps Engineers                       SREs, DevOps, Platform Engineers, Architects, Developers               Developers, Platform Engineers Application Developers, ML Engineers, DevOps Engineers, Architects, Platform Engineers   SREs, DevOps & Platform Engineers, Architects, Developers               Developers, Platform engineers       Developers, Platform engineers           Cluster Administrators, Developers, SREs Cluster Administrators, Developers, SREs, Platform Engineers, Network Engineers   Cluster Administrators, Developers, SREs, Platform Engineers, Network Engineers                        
-
-
-
-
-
- tag1
- tag2
- tag3
-
-
-
-
-
-
- registry
- images
- OCI
- container
- artefacts
- vulnerability scanning
- self-hosted
- harbor
- edge
- replication
- registry
- images
- OCI
- container
- artifacts
- vulnerability scanning
- self-hosted
- zot
- edge
- image-sync
- certificates
- acme
- letsencrypt
- security
- encryption
- tls
- ssl
- x509
-
-
-
-
-
- Security
- Go
- C++
- DevOps
- DevSecOps
- Container
- Cloud native
- Kubernetes
- Runtime
- Threat detection
- Syscalls
- Monitoring
- Observability
- Anomaly detection
- Kubernetes
-
- Security
- Go
- Python
- software supply chain
-
- runtime
- security
- application firewall
- microsegmentation
-
-
- policy
- policy-as-code
- governance
- software supply chain
-
-
-
-
-
-
- Security
- Go
- Python
- Rust
- JavaScript
- CLI
-
- Security
- Identity
- Credentials
- Certificate
- Rotation
- Standard
- Attestation
- Authentication
-
-
-
- Kubernetes,Filesystem,Object Storage,Hadoop,Cloud Storage
- Distributed
- Cloud-native
- Multi-tenancy
- Erasure Coding
-
-
- kubernetes
- storage
- csi
- backup
-
-
-
- Storage
- Persistence
- Data
- CSI
- Operator
- Kubernetes
- distributed systems
- shared-memory
- in-memory storage
- big-data-analytics
-
-
-
-
-
- Edge Cloud
- Edge Devices
- Container
- Embedded runtime
- Serverless
- UDF
- Microservices
- Streaming data
- OCI Runtime
- SaaS
-
- CNI
- Networking
- Load Balancing
- Service Mesh
- Observability
- Runtime Security
- eBPF
- Cluster Mesh
- Multicloud
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- OpenELB
- LoadBalancer
- Kubernetes
- ingress
- api gateway
- gateway
- decentralized-operation
- developer-friendly
- Service Mesh
- observability
- Service Mesh
- mTLS
- traffic management
- multi-cluster
- load balancing
- policy
- security
- extensibility
- mTLS
- security
- traffic management
- observability
- microservices
- resilience
- load balancing
- service mesh
- policy
- wasm
- zero trust
- multi-cluster
- cross-platform
- kubernetes
- virtual machines
- mTLS
- observability
- multi-cluster
- load balancing
- traffic authorization
- security
- zero trust
- Rust
-
-
-
-
-
-
- Key-value database
- Cloud storage
- Transactional
- TiDB
- Strong consistency
- Raft
- RocksDB
- Titan
- Raft-Engine
- Scalable
- reliable
- MySQL
- distributed
- cloud-native
- kubernetes
- cloud
- database
- events
- eventing
- serverless
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Kubernetes
- Application
- Microservices
- Serverless
- Continuous Delivery
- PaaS
- CUE
- control-plane
- Multicloud
- OAM
- MultiCluster
- HybridCloud.
-
-
-
-
-
-
-
- debug
- develop
- api
- testing
- remocal
- application deployment
- continuous deployment
- data pipelines
- machine learning
- Kubernetes workflows
-
- OCI
- container
- security
- gitops
- Kubernetes
- Helm
- Observability
- Software Supply Chain
- Policy
- CICD
- Multi-Tenancy
- API Gateway
-
-
-
-
-
-
-
- Developer APIs
- Distributed Systems
- Microservices
- HTTP
- gRPC
- Go
- Java
- Python
- .NET
- Javascript
- C++
- Rust
- CLI
-
-
-
- FaaS
- Serverless
- KEDA
- Knative
- Shipwright
- Buildpacks
- Distributed Systems
-
- observability
- prometheus
-
-
-
- eBPF
- observability
- profiling
- monitoring
- alerting
- observability
- instrumentation
-
- monitoring
- alerting
- observability
- instrumentation
-
-
-
-
-
-
-
-
-
-
-
-
          KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.It is built upon kubernetes and provides fundamental infrastructure support for network, app. deployment and metadata synchronization between cloud and edge. Our goal is to make an open platform to enable Edge computing, extending native containerized application orchestration capabilities to hosts at Edge             Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Can be installed on any Kubernetes environment or on a system with Docker support.   cert-manager is a powerful and extensible X.509 certificate controller for Kubernetes and OpenShift workloads. It will obtain certificates from a variety of Issuers, both popular public Issuers as well as private Issuers, and ensure the certificates are valid and up-to-date, and will attempt to renew certificates at a configured time before expiry.           Falco is a cloud-native runtime security project that makes it easy to consume kernel events. Falco enriches these events with additional information from the Kubernetes platform and ecosystem as well as the rest of the cloud native stack. Falco can also be extended to other data sources through the use of plugins. Falco offers a rich set of security rules designed for Kubernetes, Linux, and cloud native environments. When a rule is violated in the system, Falco alerts users with details about the violation and severity.   in-toto provides security for the software supply chain. It can cryptographically track and validate the build, version control, testing, deployment, dependency, etc. actions that happen as you make your software. in-toto also can enforce policies over these actions, so that your supply chain is performed in the way that you describe.   Secure workloads at runtime.     Pod security,Policy-as-code,Governance,Software supply chain             TUF secures container registries, package repositories, etc. so that the system resists successful attacks and can recover securely. TUF uses a combination of security mechanisms and tooling to provide a strong root of trust used by other security projects as well, such as Sigstore. It is easy to integrate and simple to manage; try it for yourself   The Secure Production Identity Framework For Everyone (SPIFFE) Project defines a framework and set of standards for identifying and securing communications between application services. At its core, SPIFFE is: A standard defining how services identify themselves to each other. These are called SPIFFE IDs and are implemented as Uniform Resource Identifiers (URIs). A standard for encoding SPIFFE IDs in a cryptographically-verifiable document called a SPIFFE Verifiable Identity Document or SVIDs. An API specification for issuing and/or retrieving SVIDs. This is the Workload API. The SPIFFE Project has a reference implementation, the SPIRE (the SPIFFE Runtime Environment), that in addition to the above, it: - Performs node and workload attestation. - Implements a signing framework for securely issuing and renewing SVIDs. - Provides an API for registering nodes and workloads, along with their designated SPIFFE IDs. - Provides and manages the rotation of keys and certs for mutual authentication and encryption between workloads. - Simplifies access from identified services to secret stores, databases, services meshes and cloud provider services. - Interoperability and federation to SPIFFE compatible systems across heterogeneous environments and administrative trust boundaries The SPIFFE Workload API can attest running software systems and issue SPIFFE IDs and SVIDs to them. This in turn allows two workloads to establish trust between each other, for example by establishing an mTLS connection or by signing and verifying a JWT token. Use of SPIFFE can also enable workloads to securely authenticate to a secret store, a database, or a cloud provider service.       CubeFS is a distributed file system supports data access protocols such as S3, POSIX, HDFS. It supports multiple copies and erasure code storage engines, and provides users with multiple features such as multi-tenancy, multi-AZ deployment, and cross-regional replication.     * Highly available persistent storage for Kubernetes In the past, ITOps and DevOps have found it hard to add replicated storage to Kubernetes clusters. As a result many non-cloud-hosted Kubernetes clusters don’t support persistent storage. External storage arrays are non-portable and can be extremely expensive. Longhorn delivers simplified, easy to deploy and upgrade, 100% open source, cloud-native persistent block storage without the cost overhead of open core or proprietary alternatives. * Easy incremental snapshots and backups Longhorn’s built-in incremental snapshot and backup features keep the volume data safe in or out of the Kubernetes cluster. Scheduled backups of persistent storage volumes in Kubernetes clusters is simplified with Longhorn’s intuitive, free management UI. * Cross-cluster disaster recovery External replication solutions will recover from a disk failure by re-replicating the entire data store. This can take days, during which time the cluster performs poorly and has a higher risk of failure. Using Longhorn, you can control the granularity to the maximum, easily create a disaster recovery volume in another Kubernetes cluster, and failover to it in the event of an emergency. If your main cluster fails, you can bring up the app in the DR cluster quickly with a defined RPO and RTO.       Rook is an open source cloud-native storage orchestrator, providing the platform, framework, and support for Ceph storage to integrate with cloud-native environments natively. Ceph is a distributed storage system that provides block, file, and object storage and is deployed in large-scale production clusters. Rook automates deployment and management of Ceph to provide self-managing, self-scaling, and self-healing storage services. The Rook operator builds on Kubernetes resources to deploy, configure, provision, scale, upgrade, and monitor Ceph. The storage cluster can be run hyper-converged beside your applications, in a cloud, or on bare metal. Rook provides a consistent storage platform anywhere Kubernetes runs. - Vineyard is deployed as a daemon and used as shared storage between users for structural data objects. - Vineyard is used to sharing the common data structure between computing engines that runs in separate isolated processes and containers. - Vineyard is used to sharing the immediate data between upstream and downstream tasks within a data-analytical workflow on Kubernetes.           WasmEdge provides a high-performance, lightweight, secure, and extensible WebAssembly runtime for cloud-native applications. It is an OCI compliant container that is integrated into Docker, containerd, crun and many Kubernetes projects. Compared with traditional Linux container apps, WasmEdge apps are more secure, more portable, cold-start 100x faster and only take 1/10 of the space.   Cilium is a networking, observability, and security platform based on eBPF. As a CNI, it provides a flat Layer 3 network, even across clusters. Cilium enforces network policies on L3-L7 using an identity based security model. Cilium implements distributed load balancing between pods and to external services by replacing kube-proxy. It also has advanced functionality like ingress and egress gateway, bandwidth management, service mesh, and deep network and security observability through Hubble and Tetragon.                                                 In cloud-based Kubernetes clusters, Services are usually exposed by using load balancers provided by cloud vendors. However, cloud-based load balancers are unavailable in bare-metal environments. OpenELB allows users to create LoadBalancer Services in bare-metal, edge, and virtualization environments for external access, and provides the same user experience as cloud-based load balancers. Emissary-Ingress is a k8s-native, Envoy-based API gateway. It is designed to allow teams to work in a more decentralized way than the traditional Ingress object. Emissary-Ingress can scan for its CRDs across all namespaces, so development teams can deploy new network routing rules along with the apps that use them, increasing velocity. Emissary-Ingress can be extended via API calls with authentication and rate limiting services. It is compatible with all the CNCF service meshes, and facilitates canary deployments when integrated with Argo Rollouts. Aeraki Mesh has been created to provide a non-intrusive, highly extendable way to manage any layer-7 traffic in a service mesh, including Dubbo, Thrift, bRPC, Redis, etc., and private protocols as well. Istio addresses the challenges developers and operators face with a distributed or microservices architecture. Whether you're building from scratch or migrating existing applications to cloud native, Istio can help. Read more at: https://istio.io/latest/about/solutions/ Kuma is a service mesh that combines the extensibility and performance of Envoy proxy with great UX and a powerful, yet flexible set of policies. It was built from the ground up to support Kubernetes, Docker, and VM environments seamlessly in a single deployment. Linkerd is the lightest, fastest, and most importantly, simplest service mesh on the market. It provides security, reliability, and observability features to any Kubernetes application without requiring code changes.             TiKV excels at working with large-scale data by supporting petabyte-scale deployments spanning trillions of rows. It aims to solve the technical issue of scaling and reliably storing data in distributed systems that require high performance and strong consistency. TiKV addresses the technical pain points of traditional databases by offering horizontal scalability, strong consistency, high availability, and fault tolerance. It's particularly useful for building real-time data processing apps. Scaling out existing MySQL deployments, or building out internal database solutions for application teams to build products on. Standardizing common eventing metadata and their location to help with event identification and routing.     Event streaming with Apache Kafka by providing Kubernetes-native Kafka deployments                       KubeVela is a modern software delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable.               Telepresence is a local-to-remote kubernetes debugging tool that creates a two-way proxy from your laptop to the cluster. You can access cluster resources as if they were local and intercept traffic to one or more services to develop in an integrated environment without the need for a container build-push-deploy loop. Argo CD and Argo Rollouts - Manage application definitions, configurations, and environments declaratively in Git. Introduce blue-green and canary deployments, canary analysis, experimentation, and progressive delivery features to your Kubernetes cluster. Argo Workflows and Argo Events - Run jobs and full workflows on any Kubernetes cluster. Define multiple dependencies from a variety of event sources and trigger Kubernetes objects after successful event dependencies resolution.   Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories and OCI artifacts), and automating updates to configuration when there is new code to deploy. Flux is built from the ground up to use Kubernetes' API extension system, and to integrate with Prometheus and other core components of the Kubernetes ecosystem. Flux supports multi-tenancy and support for syncing an arbitrary number of Git repositories, among other long-requested features.               The Distributed Application Runtime (Dapr) provides APIs that simplify microservice architecture development and increases developer productivity. Whether your communication pattern is service-to-service invocation or pub/sub messaging, Dapr helps you write resilient and secured microservices. By letting Dapr’s sidecar take care of the complex challenges such as service discovery, message broker integration, encryption, observability, and secret management, developers can focus on business logic and keep their code simple.       Users can use OpenFunction in several different ways including building functions or applications only, running sync or async serverless functions or applications, building and then running serverless functions or applications, building and then running serverless wasm applications(In progress). In all use cases, users can utilize Dapr to communicate with various backend services (BaaS).   Horizontally scalable, highly available, multi-tenant, long term storage for Prometheus.       Pixie is an open source observability tool for Kubernetes applications. Pixie uses eBPF to automatically capture telemetry data without the need for manual instrumentation. Developers can use Pixie to view the high-level state of their cluster (service maps, cluster resources, application traffic) and also drill-down into more detailed views (pod state, flame graphs, individual full body application requests). metrics-based monitoring and alerting   global scale metrics-based monitoring and alerting                        
          TBD             Self-hosted container registry with multiple integrations for security and validation.   Manual certificate management is an outage waiting to happen; it only takes one forgotten renewal to bring down an entire site. Automation is therefore key to reliability, and cert-manager is the foremost tool for achieving this in Kubernetes. In addition, workloads such as service meshes can require local certificate authorities, and cert-manager can help in issuing and controlling these key parts of infrastructure.           You can think about Falco as a security camera for containers, Kubernetes and the cloud: it collects signals from hosts, containers, orchestrators and cloud logs, and it reports suspicious or anomalous behavior. Falco provides kernel instrumentation mechanisms to detect security events. It then enriches them with metadata pulled from the node, the container runtime and Kubernetes. This metadata is then used to dynamically apply Falco rules based on the container name, image, orchestrator labels, orchestrator resource type, etc.   Prevents many compromises in your software supply chain from having an impact on your users. It also provides traceability so that you can determine what happened when things go wrong. in-toto is a fundamental tool for securing the software supply chain.   1. Application Hardening 2. Continuous Monitoring 3. Inline Remediation, Attack Surface reduction 4. Network Segmentation     Policy and governance with Kyverno improves security posture by eliminating misconfigurations and promotes security best practices. It also enables business agility by separating developer, security, and operations concerns and enables self-service automation. Finally, it increases operational efficiency by managing and optimizing for cloud costs.             Prevents many types of key and repository/registry compromises from impacting your users. Provides a secure way to recover from compromise. Twelve years of practical experience, about a dozen security audits, a half-dozen or so peer reviewed papers, a half-dozen or so implementations used in production, and millions of containers, etc. secured.   In today's business environment, rapidly delivering innovative customer experiences through differentiated applications and services is necessary for competitive advantage. As a result, organizations witness a change in how applications and services are being architected, built, and deployed. New technologies such as cloud and containers help organizations release faster, at scale. Services need to be built at high velocity and deployed on a vast plethora of platforms. As development accelerates, these systems are becoming increasingly interdependent and interconnected to deliver a consistent customer experience. Organizations may be inhibited in achieving high velocity and gaining market share or mission assurance for such major reasons as compliance, the pool of expertise, and interoperability challenges between teams/organizations and within existing solutions. For business leaders focused on improving business expediency and returns, SPIFFE can significantly reduce costs associated with the overhead of managing and issuing cryptographic identity documents (e.g. X.509 certificates), and accelerate development and deployment by removing the need for developers to understand the identity and authentication technologies required to secure service-to-service communication. Technology integration as a result of organizational convergence can be a challenge when different technology stacks must come together and interoperate. Aligning on a common, industry-accepted standard for system-to-system communication with identity and authentication, simplifies the technical aspects of full interoperability and integration across multiple stacks. SPIFFE brings a shared understanding of what constitutes software identity. By further leveraging SPIFFE Federation, components in disparate systems in different organizations or teams can establish trust to communicate securely without the added overhead of constructs such as VPN tunnels, one-o certificates, or shared credentials for use between such systems.       First, CubeFS has been commonly used as the datacenter filesystem for online applications, database or data processing services and machine learning jobs orchestrated by Kubernetes to separate storage from compute. Second, CubeFS also works as a high-performance object store compatible with the S3 API. Moreover, CubeFS offers personal cloud storage on all your devices.     Anyone running a stateful workload, like database, kafka, elasticsearch etc, in a Kubernetes cluster.       Rook provides a consistent storage platform, whether in the cloud or on bare metal. The storage cluster is managed through Kubernetes Custom Resources, making integrating with your existing DevOps/ GitOps toolset easy. For your applications to consume storage, they simply need to use the Kubernetes native approach of creating a `PersistentVolumeClaim`. Running a Rook Ceph cluster is made accessible due to the operator pattern. The operator pattern allows the Rook project to handle most tasks automatically (e.g., updating to a new Ceph version). These automatic processes reduce the time spent setting up, configuring, maintaining, and updating your Rook storage cluster. Vineyard is used as a distributed immediate data store to share large tensors and dataframes between data scientists among a research division.           WasmEdge improves cloud app’s operational efficiency by providing a secure, portable, fast, and lightweight alternative to traditional Linux containers. It allows microservice or servelsss applications to “scale to zero” — all computing resources can be made available on-demand, and “write once run anywhere”. It also works with existing container management infra and programming languages, and hence minimizing the cost of adoption and migration. It is great for running microservices and serverless functions embedded in data pipelines or SaaS platforms.   Cilium reduces the operational complexity and cost of running highly scalable and dynamic cloud native environments. By leveraging eBPF, Cilium accelerates and simplifies service connectivity, makes systems observable for easier monitoring and debugging, and provides deep security observability and runtime enforcement.                                                   Emissary-Ingress speeds up deployment time and reduces the burden on platform teams by empowering developers to deploy new routes in a self-service manner. Platform/cloud teams can centrally manage hosts and certificates while developers can manage the resources relevant to them. While service mesh becomes an important infrastructure for microservices, many(if not all) service mesh implementations mainly focus on HTTP protocols and treat other protocols as plain TCP traffic. This is an obstacle for a lot of organizations when they try to leverage service mesh's promised capablities to simplify their microservice development and operation. Aeraki Mesh solve this problem by providing a common layer-7 service mesh framework both in data plane and control plane, which is built on top of Envoy and Istio and can work with them together very well. Security, Traffic Management, Observability, Policy Enforcement. It is becoming more important then ever to ensure that traffic is secure, observable, and reliable. Kuma service mesh enables users to adopt a zero trust application networking model while providing flexible traffic management and observability capabilities. Kuma also supports a wide variety of platforms including Kubernetes, Nomad, Docker, and Virtual Machines. Thereby allowing organizations to take advantage of these benefits even at the start of their digital transformation journey. Security, compliance, reliability.             TiKV provides a scalable, reliable, and easy-to-use storage engine for building distributed systems. It helps organizations improve the performance, reliability, and availability of their systems. TiKV helps organizations reduce risk by providing strong consistency. It helps ensure data integrity and accuracy. TiKV helps organizations increase their responsiveness to customer demand by allowing them to scale their systems horizontally as needed to handle increasing amounts of data and workload. Scalability, Reliability, reduce human cost of running databases. CloudEvents is a specification for describing event data in common formats to provide interoperability across services, platforms and systems.     Lower the management and operational costs of running Kafka infrastructure on Kubernetes.                       KubeVela is an application delivery engine built with Kubernetes control plane. KubeVela can orchestrate, deploy, and operate application components and cloud resources with a workflow based application delivery model and technology. For user scenarios, KubeVela is designed to manage applications with multiple target Kubernetes clusters and hybrid-cloud environments as first-class citizens. In the community, we observed most users are adopting KubeVela as their internal “PaaS”, or as part of their CI/CD pipeline, or as an extensible DevOps kernel for building their own IDP.               Telepresence speeds up development teams by allowing them to instantly test changes in dev or staging environments without having to wait for their changes to be built into a container and deployed. It also saves money by enabling developers to share cloud environments to do integration testing. Argo CD and Argo Rollouts - enabling a high frequency of deployment for quick delivery of new features and updates (constant iteration), decreasing mean time to recovery (MTTR) to recover quickly as if nothing had happened on production, decreasing lead time for changes and updates, to make sure that your clients stay satisfied and secure. Argo Workflows and Argo Events - creating scalable and manageable data pipelines, orchestrating highly parallel jobs without the overhead of legacy VMs or server environments, defining multiple dependencies from various event sources like webhooks, S3, schedules, streams, and triggering Kubernetes objects after successful event dependencies resolution.   GitOps is the natural evolution of configuration as code. Businesses moving to Flux can deal with infrastructure at scale more easily, and allow their developers to focus on code, not on deployment problems. With its vast ecosystem of Flux integrations and being integrated into cloud offerings everywhere, adopting Flux can be adopted in virtually every setup.               Deliver distributed system applications in half the time. Dapr provides APIs that abstract away the complexity of common challenges developers encounter regularly when building distributed applications. These API building blocks can be leveraged as the need arises - use one, several, or all to develop applications faster and deliver solutions on time. Dapr leverages proven practices for distributed application development that enable developers to build resilient, secured systems. By using Dapr in your application, you adopt these best practices without having to spend time solving common challenges.       OpenFunction is a cloud-native open source FaaS (Function as a Service) platform aiming to let users focus on their business logic without having to maintain the underlying runtime environment and infrastructure. Users can generate event-driven and dynamically scaling Serverless workloads by simply submitting business-related source code in the form of functions. Users can also build and run serverless applications as well.   Your platform team can use Cortex to provide individual team within your organization a global view of their Prometheus metrics.             global scale metrics-based monitoring and alerting                        
Rust Python, Go Python Go Go Go Go Go Go Go Go Go Go Go Go Rust Go Go C++ Go Python Python Go Go Go Go Go Go Go Go Go Rust Python Java Shell Go Go Go C++, Go C++ Go C, Go Go Shell C++ C++ Go Go C, Go Go Go C++ Go Go Go Go Go Go Go Go Go Go Go Go Go Rust Go Go Shell Go Rust Go Go Go C++ Go Go, HTML C++ Go Python, Go Go Go Go Go, Rust Go, C Go, JavaScript Go Makefile Makefile Go Rust Go CSharp, Go, Java, Javascript, PHP, PowerShell, Python, Ruby, Rust Go Java Java Rust TypeScript TypeScript Go Go Go Go Go Go Rust Go Go Go Go Go Go Go Makefile Go Go Go Go Go, TypeScript JavaScript Go Go Go TypeScript Go Go Go Rust Go Go Go Rust Go Go C++ Go JavaScript Go Go Ruby Go C# Go Go Go HTML, TypeScript Go C++ Rust Rust
2020-10-14 2019-07-25 2015-07-16 2021-10-09 2019-12-10 2018-09-28 2020-05-21 2020-12-19 2019-10-14 2014-10-21 2021-04-26 2016-02-01 2019-06-21 2017-07-19 2021-10-04 2020-06-03 2020-11-07 2016-07-25 2020-11-19 2016-01-20 2022-01-05 2016-05-24 2016-10-19 2020-11-26 2021-08-12 2021-01-15 2019-02-04 2015-03-27 2015-12-28 2021-05-13 2022-06-08 2021-12-08 2019-06-07 2013-01-31 2016-12-31 2017-01-31 2017-03-23 2021-03-24 2021-01-25 2019-02-19 2018-07-23 2018-04-17 2009-03-23 2016-08-01 2018-12-24 2019-07-10 2001-04-28 2020-10-27 2015-11-05 2016-09-09 2020-05-12 2021-05-14 2014-01-19 2019-06-25 2019-06-14 2015-12-16 2017-03-06 2015-04-05 2021-07-16 2018-10-25 2018-04-03 2019-03-12 2019-06-19 2021-12-01 2018-09-08 2020-07-11 2020-11-10 2018-10-11 2014-06-06 2017-04-13 2021-09-30 2017-06-30 2020-10-15 2016-03-18 2013-06-07 2019-11-27 2014-11-22 2019-07-31 2017-10-30 2016-08-08 2019-02-01 2017-03-30 2020-11-03 2016-11-18 2019-03-13 2017-12-05 2022-01-12 2018-11-14 2019-12-13 2019-03-26 2019-02-02 2019-04-27 2016-01-07 2012-02-25 2017-12-09 2011-12-24 2016-04-27 2016-03-21 2020-02-11 2020-01-14 2020-01-25 2018-06-25 2019-03-01 2019-12-05 2018-08-17 2015-11-02 2019-03-14 2020-10-13 2019-11-27 2020-07-06 2016-08-11 2016-06-24 2020-09-28 2018-02-07 2018-11-05 2021-04-29 2020-05-15 2017-02-23 2018-02-15 2017-04-15 2020-04-24 2019-01-21 2022-02-11 2021-07-08 2019-06-05 2016-01-22 2019-01-01 2020-10-21 2019-06-20 2019-02-13 2018-01-30 2019-11-27 2020-12-05 2017-12-04 2016-06-22 2018-04-19 2018-06-19 2017-06-22 2018-06-23 2012-11-24 2019-03-15 2017-11-01 2018-03-29 2011-06-18 2016-04-18 2019-05-02 2015-11-26 2019-09-04 2019-03-19 2017-03-15 2019-03-27 2019-06-25 2020-10-15 2020-10-15
2023-02-23 2023-03-21 2023-03-20 2023-02-03 2022-12-05 2023-03-17 2023-03-21 2023-03-21 2023-03-20 2023-02-23 2023-03-20 2023-03-21 2023-03-20 2023-03-20 2023-03-03 2023-02-27 2023-03-16 2023-03-20 2023-03-20 2023-03-17 2023-03-17 2023-03-17 2023-03-13 2023-03-17 2023-03-20 2023-03-20 2023-03-20 2022-10-31 2023-03-20 2023-03-17 2023-03-17 2023-02-27 2023-03-02 2023-03-20 2023-03-20 2023-02-28 2023-03-21 2023-02-28 2023-03-10 2023-03-21 2023-03-17 2023-03-08 2023-03-20 2023-03-14 2023-03-21 2023-01-31 2023-03-20 2023-03-21 2023-03-20 2023-03-14 2023-01-18 2023-03-20 2020-02-24 2023-03-13 2023-03-20 2023-03-20 2022-06-17 2023-03-14 2023-03-20 2023-03-21 2021-10-28 2023-03-17 2023-03-20 2023-02-21 2023-03-18 2023-03-21 2023-03-20 2023-03-08 2023-03-20 2023-03-16 2023-03-10 2023-03-16 2023-03-19 2023-03-20 2023-03-21 2023-03-20 2023-03-21 2023-03-02 2023-03-20 2023-03-21 2023-01-03 2023-03-03 2023-03-20 2023-03-21 2023-03-21 2023-03-21 2023-03-17 2023-03-21 2023-03-13 2022-08-03 2023-02-22 2023-03-13 2023-03-20 2023-03-21 2023-03-16 2023-03-21 2023-03-21 2023-03-20 2023-03-01 2023-03-16 2023-03-20 2023-03-10 2023-01-30 2023-03-07 2023-03-17 2023-03-14 2023-03-20 2023-03-17 2022-04-14 2023-03-21 2023-03-21 2021-07-02 2023-02-09 2023-03-20 2023-03-20 2023-03-17 2023-01-29 2023-03-20 2023-03-20 2022-09-28 2023-03-20 2023-03-20 2023-03-13 2022-10-07 2023-03-20 2023-03-20 2023-03-20 2023-03-08 2023-03-20 2023-03-17 2023-03-20 2022-05-05 2023-03-07 2023-03-20 2023-03-21 2021-05-10 2023-03-07 2023-01-09 2023-03-20 2023-03-20 2023-03-16 2023-03-20 2023-02-26 2023-03-16 2023-03-20 2023-03-01 2022-02-28 2023-03-17 2022-12-15 2023-03-17 2023-03-20 2023-03-13 2023-03-19 2023-03-19
          Every 3 months             We aim to have 3 big releases per year with many patch releases in between.   Major release every 2 months, with each major release supported for 4 months.           3 times per year (end of Jan, June, Sept)   We are rapidly approaching a 1.0 release which is expected to be almost identical to the current 0.9 release. Following that, development will be focused on the in-toto Attestation specification. Changes to the in-toto specifications are introduced and evaluated as in-toto Enhancements (ITE), ensuring stability in the specifications themselves. This is a key factor as both the in-toto specification and the Attestation framework are widely used.   once every month and half     Approximately monthly for patches and quarterly for minor releases.             The specification is quite stable. Major spec versions update rarely, minor versions about annually, smaller releases (typo fixes / clarifications) happen as needed.           Every 2 months     1.0 GA released on May 2020. Latest v1.4.0 was released on Dec 2022.       Minor releases: approximately three times a year (similar to Kubernetes cadence), Patch releases: bi-weekly 2022-12-24           Every 3 months   2-3 major releases a year, plus minor and point releases for bug fixes and security updates                                                 1 times per year (each quarter) Monthly Every few months Every 3 months Every 8-10 weeks               Per month Every 4 months 2019-10-24     Every 2-3 months                       Every 1-2 weeks               Weekly 7-14 days   Minor releases have a cadence of at least one per month. (https://fluxcd.io/flux/faq/#where-can-i-find-information-on-how-long-versions-are-supported-and-how-often-to-expect-releases)               4 times per year (each quarter)       3 ~ 4 major releases per year   Every few months       weekly every 6 weeks for prometheus/prometheus   every 6 weeks                        
923 3,543 4,724 735 417 5,718 1,425 902 737 7,373 1,187 19,637 326 10,095 53 2,186 605 7,931 2,450 5,710 60 689 307 634 8,116 111 3,645 3,000 7,830 149 820 713 401 1,491 760 1,191 1,370 1,554 596 3,160 1,779 394 5,175 8,030 879 361 11,222 687 13,447 4,460 531 10,981 8,850 5,618 1,422 14,719 497 4,761 472 1,524 506 2,056 275 570 6,750 1,272 3,145 1,953 96,785 1,760 507 2,867 800 10,406 42,919 552 37,363 5,802 3,347 21,639 1,265 4,025 634 32,627 3,095 9,434 576 1,919 2,559 1,021 237 760 12,830 15,837 5,877 22,405 1,853 4,321 728 1,200 21,206 1,942 1,328 154 3,410 23,959 5,747 4 112 4,953 3,962 1,088 1,536 6,388 967 1,803 554 5,681 12,455 2,382 4,564 1,693 74 602 3,708 3,565 22,557 1,391 20,744 6,095 4,908 3,348 1,071 3,747 5,020 395 1,654 2,014 4,430 47,254 1,076 11,550 1,861 11,842 17,341 594 3,447 5,574 5,220 3,557 3,500 5,618 800 800
          OpenEBS (CSI support), Calico, Cilium, SDN solutions?, Prometheus, Grafana etc.             trivy, cosing, notary, github, gce, jfrog, snyk, clair, sysdig, oidc, ldap, ecr, acr, docker, quay, helm trivy, cosign, notary, github Linkerd, Istio, SPIFFE, Gateway API, OpenShift Routes, ACME / Let's Encrypt, Hashicorp Vault, Venafi, AWS, GCP, Azure, Cloudflare, DigitalOcean, Akamai           Kubernetes Audit Logs, AWS Cloudtrail, GitHub Audit Events, and the 40+ outputs supported by Falcosidekick (e.g. Slack, AWS Lambda, etc)   Datadog, GitLab, Grafeas, Jenkins, Rebuilderd, SLSA, SolarWinds, tekton-chains, Sigstore         Sigstore Cosign             Docker, Amazon, Microsoft, Google Fuschia, Harbor, Toradex, Datadog, Sigstore, Automotive Grade Linux   App Mesh Controller, Athenz, Cert-Manager, Consul, Dapr, Docker, Emissary, Envoy, Ghostunnel, gRPC, Hamlet, Istio, Knox, Kubernetes, NGINX, Parsec, Sigstore, Tekton, Tornjak                                   Crun, Runwasi, Youki, Docker Desktop, Kubernetes, WebAssembly Languages Runtime maintained by VMWare, Proxy-wasm, Knative, SuperEdge, OpenYurt, KubeEdge, Fedora Linux                                                         Istio, Envoy https://istio.io/latest/docs/ops/integrations/ Flagger                                                 Helm, FluxCD, DEX, OpenKruise, Crossplane, Prometheus, k3s, KEDA, etc.                     all standard Cloud Native, Git provider and observability tooling                           Grafana, Prometheus, Slack, PagerDuty, Webhook, AWS SNS, etc.       OpenTelemetry, Grafana See exporters and clientlibs plus many service discoveries.   See Prometheus, exporters, clientlibs and https://thanos.io/tip/thanos/integrations.md/                        
docs.akri.sh cdk8s.io/ cloudcustodian.io/ www.devstream.io/ kubedl.io kubeedge.io/en/ metal3.io/ openyurt.io/ superedge.io/ tinkerbell.org/ github.com/distribution/distribution d7y.io/ goharbor.io/ zotregistry.io/ cert-manager.io/ github.com/confidential-containers containerssh.io www.curiefense.io/ dexidp.io/ external-secrets.io/ falco.org/ hexaorchestration.org/ in-toto.io keylime.dev/ kubearmor.io/ kubescape.io/ www.kubewarden.io kyverno.io/ notaryproject.dev/ www.openpolicyagent.org/ openpolicycontainers.com openfga.dev www.paralus.io/ parsec.community/ theupdateframework.github.io/ www.athenz.io spiffe.io/ spiffe.io/spire/ tlr.dev http://www.opencarina.com cubefs.io/ http://www.opencurve.io/ www.k8up.io/ longhorn.io/ www.openebs.io/ oras.land/ piraeus.io/ rook.io/ v6d.io containerd.io/ cri-o.io/ inclavare-containers.io/ github.com/lima-vm/lima github.com/rkt/rkt wasmedge.org/ antrea.io/ cilium.io/ cnigenie.netlify.app www.cni.dev/ www.fabedge.io/ kubeovn.github.io/docs/en/ networkservicemesh.io/ submariner.io armadaproject.io/ clusterpedia.io crossplane.io/ http://pasa-bigdata.nju.edu.cn/fluid/index.html karmada.io/ kube.rs kubernetes.io/ kured.dev open-cluster-management.io/ volcano.sh/ wasmcloud.com coredns.io/ etcd.io/ www.k8gb.io grpc.io/ www.bfe-networks.net projectcontour.io www.envoyproxy.io openelb.github.io www.getambassador.io/ www.aeraki.net/ istio.io/ kuma.io linkerd.io/ merbridge.io/ meshery.io openservicemesh.io/ smi-spec.io smp-spec.io/ schemahero.io tikv.org vitess.io/ cloudevents.io/ nats.io/ cncf.pravega.io strimzi.io/ www.tremor.rs/ artifacthub.io/ backstage.io/ buildpacks.io/ carvel.dev devfile.io devspace.sh helm.sh/ ko.build/ www.konveyor.io/ docs.rs/crate/krator/latest kubevela.io kubevirt.io/ kudo.dev/ nocalhost.dev www.redhat.com/en/technologies/cloud-computing/openshift/what-are-openshift-operators getporter.org/ sealer.cool serverlessworkflow.github.io www.telepresence.io/ argoproj.github.io/ brigade.sh/ fluxcd.io/ www.keptn.sh openfeature.dev/ opengitops.dev/ openkruise.io/en-us/ werf.io/ k3s.io www.serverless-devs.com/ dapr.io keda.sh/ knative.dev krustlet.dev openfunction.dev virtual-kubelet.io/ cortexmetrics.io/ ingraind.org/ github.com/kuberhealthy/kuberhealthy openmetrics.io/ px.dev/ prometheus.io/ skooner.io/ thanos.io/ trickstercache.org www.fluentd.org/ www.jaegertracing.io/ opentelemetry.io/ opentracing.io/ chaos-mesh.org/ chaosblade.io/ litmuschaos.io/ www.opencost.io/ wasmedge.org/ wasmcloud.com wasmcloud.com
github.com/project-akri/akri github.com/cdk8s-team/cdk8s github.com/cloud-custodian/cloud-custodian github.com/devstream-io/devstream github.com/kubedl-io/kubedl github.com/kubeedge/kubeedge   github.com/openyurtio/openyurt github.com/superedge/superedge github.com/tinkerbell/tink github.com/distribution/distribution github.com/dragonflyoss/Dragonfly2 github.com/goharbor/harbor github.com/project-zot/zot github.com/cert-manager/cert-manager github.com/confidential-containers/documentation github.com/containerssh/containerssh github.com/curiefense/curiefense github.com/dexidp/dex github.com/external-secrets/external-secrets github.com/falcosecurity/falco github.com/hexa-org/policy-orchestrator github.com/in-toto/in-toto github.com/keylime/keylime github.com/kubearmor/kubearmor github.com/kubescape/kubescape github.com/kubewarden/kubewarden-controller github.com/kyverno/kyverno github.com/notaryproject/notary github.com/open-policy-agent/opa github.com/opcr-io/policy github.com/openfga/openfga github.com/paralus/paralus github.com/parallaxsecond/parsec github.com/theupdateframework/python-tuf github.com/AthenZ/athenz github.com/spiffe/spiffe github.com/spiffe/spire github.com/SpectralOps/Teller github.com/carina-io/carina github.com/cubeFS/cubefs github.com/opencurve/curve github.com/k8up-io/k8up github.com/longhorn/longhorn github.com/openebs/openebs github.com/oras-project/oras github.com/piraeusdatastore/piraeus github.com/rook/rook github.com/v6d-io/v6d github.com/containerd/containerd github.com/cri-o/cri-o github.com/inclavare-containers/inclavare-containers github.com/lima-vm/lima github.com/rkt/rkt github.com/WasmEdge/WasmEdge github.com/antrea-io/antrea github.com/cilium/cilium github.com/cni-genie/CNI-Genie github.com/containernetworking/cni github.com/FabEdge/fabedge github.com/kubeovn/kube-ovn github.com/networkservicemesh/networkservicemesh github.com/submariner-io/submariner github.com/armadaproject/armada github.com/clusterpedia-io/clusterpedia github.com/crossplane/crossplane github.com/fluid-cloudnative/fluid github.com/karmada-io/karmada github.com/kube-rs/kube-rs github.com/kubernetes/kubernetes github.com/kubereboot/kured github.com/open-cluster-management-io/ocm github.com/volcano-sh/volcano github.com/wasmCloud/wasmCloud github.com/coredns/coredns github.com/etcd-io/etcd github.com/k8gb-io/k8gb github.com/grpc/grpc github.com/bfenetworks/bfe github.com/projectcontour/contour github.com/envoyproxy/envoy github.com/openelb/openelb github.com/emissary-ingress/emissary github.com/aeraki-mesh/aeraki github.com/istio/istio github.com/kumahq/kuma github.com/linkerd/linkerd2 github.com/merbridge/merbridge github.com/meshery/meshery github.com/openservicemesh/osm github.com/servicemeshinterface/smi-spec github.com/service-mesh-performance/service-mesh-performance github.com/schemahero/schemahero github.com/tikv/tikv github.com/vitessio/vitess github.com/cloudevents/spec github.com/nats-io/nats-server github.com/pravega/pravega github.com/strimzi/strimzi-kafka-operator github.com/tremor-rs/tremor-runtime github.com/artifacthub/hub github.com/backstage/backstage github.com/buildpacks/pack github.com/vmware-tanzu/carvel-ytt github.com/devfile/api github.com/devspace-sh/devspace github.com/helm/helm github.com/ko-build/ko github.com/konveyor/community github.com/krator-rs/krator github.com/kubevela/kubevela github.com/kubevirt/kubevirt github.com/kudobuilder/kudo github.com/nocalhost/nocalhost github.com/operator-framework/operator-sdk github.com/getporter/porter github.com/alibaba/sealer github.com/serverlessworkflow/specification github.com/telepresenceio/telepresence github.com/argoproj/argo-cd github.com/brigadecore/brigade github.com/fluxcd/flux2 github.com/keptn/keptn github.com/open-feature/community github.com/open-gitops/project github.com/openkruise/kruise github.com/werf/werf github.com/k3s-io/k3s github.com/serverless-devs/serverless-devs github.com/dapr/dapr github.com/kedacore/keda github.com/knative/serving github.com/krustlet/krustlet github.com/OpenFunction/OpenFunction github.com/virtual-kubelet/virtual-kubelet github.com/cortexproject/cortex github.com/foniod/foniod github.com/kuberhealthy/kuberhealthy github.com/OpenObservability/OpenMetrics github.com/pixie-io/pixie github.com/prometheus/prometheus github.com/skooner-k8s/skooner github.com/thanos-io/thanos github.com/trickstercache/trickster github.com/fluent/fluentd github.com/jaegertracing/jaeger github.com/open-telemetry/community github.com/opentracing/opentracing-go github.com/chaos-mesh/chaos-mesh github.com/chaosblade-io/chaosblade github.com/litmuschaos/litmus github.com/opencost/opencost github.com/WasmEdge/WasmEdge github.com/wasmCloud/wasmCloud github.com/wasmCloud/wasmCloud
             www.youtube.com/watch?v=adfPZAyozwc zotregistry.io/latest/general/concepts/ youtu.be/yINv8RUkW-E         in-toto.io/   www.youtube.com/watch?v=NS8XC78wSME    kyverno.io/docs/introduction/        theupdateframework.io/   www.youtube.com/watch?v=YTmkh4UlnNA     ocs-cn-north1.heytapcs.com/cubefs/community/video1657061611.mp4    www.youtube.com/watch?v=y0Rs6vghFaU      www.youtube.com/watch?v=p-falphSJq8&list=PLj6h78yzYM2NoiNaLVZxr-ERc1ifKP7n6       youtu.be/Kg5z5A5wH0A                               www.youtube.com/watch?v=hkR1M6qwpnw           www.youtube.com/watch?v=Sny8rITrdvE github.com/cloudevents/spec/blob/main/cloudevents/primer.md                         Argo Workflows: youtu.be/TZgLkCFQ2tk, Argo CD: https://youtu.be/aWDIQMbp1cc           youtu.be/9o9iDAgYBA8     openfunction.dev/docs/