Our 10 Favorite Open Source Projects from the CNCF Landscape

Lukas Gentele
Hrittik Roy
9 min read

CNCF, or the Cloud Native Computing Foundation, is a nonprofit organization that hosts and promotes a growing ecosystem of open source projects that help write software that can run anywhere. The Foundation has a governance and support structure that helps projects stay afloat and grow while constantly adapting and iterating to complement the cloud native ecosystem.

Projects within this ecosystem range from container runtimes and orchestration to service meshes and monitoring solutions, and many more can be found in the Cloud Native Landscape, where the projects under the CNCF umbrella are all organized and listed intuitively by different categories. You’ll need these projects to overcome shortcomings in order to build, operate, and monitor cloud native systems at scale.

This article contains ten projects, including Kubernetes, the leading container orchestration system; DevSpace, which is used to improve developer experience; vcluster, which aids in cluster virtualization; and Grafana and Prometheus, which aid in monitoring your cluster’s resources and objects.

Other projects included here are Helm, a Kubernetes package manager; Open Policy Agent, which allows you to implement policies across your environment; ORAS for registries; and Jaeger, which manages distributed tracing for your application.



As one of the most widely used container orchestration systems, Kubernetes is arguably the most popular project under the CNCF’s umbrella and offers a great deal of features for your workloads, such as scalability, high availability, self-healing, and load balancing.

The project was originally developed by Google and donated to the CNCF in 2015. It’s now the most widely adopted orchestration tool, with a vibrant ecosystem of supporting projects, plugins, and vendors, as well as a wide community.

The projects in the CNCF Landscape are complementary to the orchestrator and help with overcoming the pitfalls in an enterprise-grade environment.



Developer experience is one of the most important factors when it comes to building cloud native software. DevSpace is an open source tool that makes developing cloud native applications much easier by streamlining the complete development process, from initial scaffolding to deployment and debugging. It’s designed to work with Kubernetes and supports hot reloading, which means that you can see code changes reflected in your application immediately without having to rebuild or redeploy. Two-way file sync is also present to sync your local storage with your containers.

The main benefit of the tool is its feature-rich UI and terminal, which make it easy to get started and understand the cloud native development process. The UI also provides many features, such as port-forwarding and inspecting live logs, which are essential for debugging cloud native applications.

As DevSpace’s website says, you can think of DevSpace as “kubectl on steroids.”



kiosk is a Kubernetes extension that enables multitenancy and isolation in a single Kubernetes cluster so that your workloads can run isolated from one another. It provides a declarative way to define and manage tenants, namespaces, and quotas; is built on top of the Kubernetes API; and can be used with any Kubernetes distribution by isolating workspaces through namespaces.

Multitenancy helps you optimize your resources by reducing the need to have separate clusters for each tenant and can help improve your security posture by providing better isolation between tenants.



Virtualization has shaped how we use technology for the past two generations by optimizing resource usage and decreasing cost.

Similarly, for Kubernetes, vcluster is a useful tool from Loft Labs that you can use to create a virtual cluster inside your primary cluster as a playground with similar features and configuration settings to your primary cluster.

With the new virtual cluster, you have full admin permissions and complete control over how you want to use the cluster. For example, you can use vcluster to create a development environment that’s isolated from your production environment. This allows you to test your code or run your application in a safe environment that resembles your actual environment without disrupting your primary cluster.

The virtual cluster you create after installing the utility is powered by a separate K3s API server with a separate data store that is independent from your actual cluster.



Grafana is synonymous with dashboarding solutions for data visualization of different workloads that range from simple machines to complex clusters with different integrations. It’s an open source and very powerful solution to visualize data in the form of single or multiple dashboards from various data sources with different integrations.

When complemented with other tools from the CNCF Landscape, like Prometheus, you can build a monitoring and observability solution that provides an in-depth view of what’s happening inside your cluster. The great part about Grafana is that it supports traces, logs, and metrics for complete coverage.

Setting up Grafana is as simple as running the Docker image, or you can use the cloud.



Time series are an essential part of monitoring data for any organization, as they help analyze past performance and identify trends. This analysis helps you understand the behavior of the system and how it has been performing over a period of time. It’s also useful for identifying any sudden changes or abnormalities.

Prometheus is an open source leader in monitoring and logging with very good community support. It has been battle-tested in some of the largest organizations and has proven to be very reliable. It has a strong feature set, is very easy to use, and can be compared to Google’s Borgmon with regards to its functionalities. Features include the ability to query and visualize data, alerts, and easy integration with other tools.

Additionally, you can query your time series data with the help of PromQL to obtain minute details and more personalized results.



In modern distributed systems, distributed tracing allows developers to understand how a specific request flows through the system. It enables devs to debug issues by following the request as it moves through the system.

One of the most useful distributed tracing tools is Jaeger, a distributed tracing system that can capture and visualize trace data across your system as well as monitor and debug microservices-based distributed systems, specifically those built using a microservices architecture. The tool adheres to the OpenTracing specification and supports traces (collections of spans) and spans (the smallest units of action), allowing you to track the request as it traverses the system.

#Open Policy Agent

Open Policy Agent

OPA is an open source project that provides a general-purpose policy engine. The engine is capable of enforcing fine-grained, context-aware authorization policies over a variety of environments and systems.

The project allows developers to specify how their applications should behave declaratively, and OPA will automatically enforce these policies. Policies are very useful for authorization, but they can also be used for any type of decision-making. For example, policies can be used to approve requests that conform to a specific security posture and level of compliance. Other popular use cases include authorizing REST API endpoints and incorporating custom logic into applications.

Rego, a simple and powerful policy language, is used to write policies in OPA, making policy writing declarative. OPA is unique in that it can be used with any JSON-producing object because it accepts JSON as input.

jsPolicy from Loft Labs is an OPA implementor that simplifies policy management. It employs a widely used language known as JavaScript and TypeScript to allow developers to specify their policies in the manner to which they are accustomed. With the V8 JavaScript engine to run policies, most policies are executed in less than a millisecond.

jsPolicy also makes it simple to share entire policies or functions via npmjs or your own private registry and helps you focus on the policy logic by abstracting away minute details like worrying about auditing and webhook registrations, among others.



OCI Registry As Storage (ORAS) is a tool that allows you to work with more than just images as artifacts by using ORAS artifact specs. It allows you to pull and push your artifacts while supporting authentication and authorization.

ORAS allows you to distribute your artifacts on the cloud and on-prem, and it includes a Docker-like client for managing all of your artifacts.

The tool excels in its ability to change the content of supply chain artifacts, which is useful when there’s a supply chain compromise and you need to remediate the artifacts. The other good thing about ORAS is that it offers SDKs for Go and Python, which you can use during your development lifecycle.



Helm is the Kubernetes package manager used for easy installation and management of applications. The package manager supports templates that are useful for deploying multiple similar applications. It also allows for easy rollbacks and upgrades of applications. Upgrades can be made by changing the values.yaml file and then running the helm upgrade command.

The package manager has quickly become the de facto way to install and manage Kubernetes applications and has a wide range of community-supported charts available. Helm is a great place to start with Kubernetes, as it abstracts away the learning curve of installing and using different Kubernetes objects.


In this article, you’ve seen ten of the most popular projects from the CNCF Landscape. These are only a small subset of the many, many projects hosted by the CNCF, but they are representative of the different types of projects that make up the cloud native ecosystem. While the projects chosen here are some of the most popular ones in the category, other alternatives exist to solve slightly different problems.

The best next step is to get involved with one or more of these communities and start experimenting with the projects and implementing them to see how they can help you in your work. You can start with Kubernetes and its documentation, as most of the other projects are built on top of it. From there, you can pick and choose which projects you want to learn more about and start experimenting with them.

The CNCF also offers a variety of resources, such as blogs, tutorials, and certifications, that can help you get up to speed with cloud native technologies. Additionally, there are many cloud-native-focused conferences like CloudNativeCon and KubeCon, as well as other meetups that you can attend to learn more and network with other developers.

No matter how you choose to get involved, the CNCF Landscape has a lot to offer and will continue to grow. Get exploring and make the most of this exciting and rapidly expanding ecosystem!

Sign up for our newsletter

Be the first to know about new features, announcements and industry insights.