The CNCF landscape explained: Cloud native projects and how to navigate them

Understand the CNCF landscape and what each category means. Covers graduated projects, maturity levels, and the key tools dominating container orchestration, observability, storage, and networking.


Written by

Civo Team

Marketing Team at Civo

The Cloud Native Computing Foundation (CNCF) is a vendor-neutral organisation hosted by the Linux Foundation. It provides a home for open-source projects that form the backbone of modern cloud infrastructure. Kubernetes, Prometheus, Helm, and over 170 other projects live under the CNCF umbrella.

Understanding the CNCF landscape helps you make better tool choices. Rather than evaluating every option from scratch, the landscape tells you which projects have proven production adoption, which are still experimental, and which category of problem each tool solves.

How CNCF project maturity works

Every project in the CNCF moves through three maturity levels:

Sandbox is the entry point for early-stage projects showing promise. Sandbox projects are experimental and not recommended for production use without careful evaluation. They have met basic criteria but have limited production adoption.

Incubating projects have proven adoption in production environments. Requirements include a minimum of three production users, comprehensive documentation, and a defined governance process. Incubating projects are generally safe to adopt for non-critical workloads.

Graduated projects have completed an independent security audit, demonstrated broad adoption across multiple organisations, and meet the highest standards for stability and governance. Graduated projects are the safest choices for production infrastructure.

Graduated projects worth knowing

As of 2026 there are over 35 graduated projects. The ones you are most likely to encounter:

| Project | What it does |
|---|---|
| Kubernetes | Container orchestration |
| Prometheus | Metrics collection and alerting |
| Helm | Kubernetes package manager |
| containerd | Container runtime |
| CoreDNS | DNS server for service discovery |
| Argo | GitOps and workflow automation |
| Flux | GitOps continuous delivery |
| Jaeger | Distributed tracing |
| OpenTelemetry | Observability framework (metrics, logs, traces) |
| Falco | Runtime security monitoring |
| Fluentd | Log collection and forwarding |
| Harbor | Container image registry |
| Thanos | Long-term Prometheus storage |
| Vitess | Scalable MySQL clustering |
| Linkerd | Service mesh |
| etcd | Distributed key-value store |
| Envoy | High-performance proxy |
| Cilium | eBPF-based networking and security |
| Backstage | Developer portal and service catalogue |
| Open Policy Agent | Policy enforcement across the stack |
| KEDA | Event-driven autoscaling for Kubernetes |
| Crossplane | Infrastructure as code using Kubernetes APIs |

Key tools by category

The CNCF landscape covers hundreds of projects. These are the dominant tools in the categories you will encounter most often.

  • Container orchestration: Kubernetes is the standard. k3s is a lightweight, CNCF-conformant distribution that runs the full Kubernetes API in a single binary under 100 MB. Civo uses k3s for all managed clusters.
  • Observability: Prometheus collects and stores metrics. Grafana visualises them. OpenTelemetry has become the standard framework for collecting metrics, logs, and traces from applications and infrastructure in a vendor-neutral way. Jaeger handles distributed tracing. Most observability tooling now integrates with OpenTelemetry as the collection layer.
  • CI/CD and GitOps: Argo CD and Flux both implement GitOps, keeping your cluster state in sync with a Git repository. Both are now graduated projects with strong production adoption. Tekton provides pipeline primitives for building CI/CD workflows inside Kubernetes.
  • Service mesh: Cilium now handles service mesh capabilities in addition to networking, using eBPF for high performance with lower overhead than proxy-based approaches. Istio and Linkerd remain widely used for proxy-based service mesh. Linkerd is simpler to operate, while Istio has more configuration options.
  • Container runtime: containerd is the default runtime for most Kubernetes distributions including k3s. CRI-O is an alternative designed specifically for Kubernetes. Docker is not supported as a direct Kubernetes runtime from Kubernetes 1.24 onwards.
  • Networking (CNI): Cilium is the fastest-growing CNI, using eBPF for high performance, NetworkPolicy enforcement, and deep observability. Calico remains widely deployed in production. Flannel is simple and is the default CNI in k3s. Weave has been deprecated and should not be used in new clusters.
  • Security: Falco provides runtime threat detection by monitoring system calls. Open Policy Agent enforces policy across Kubernetes admission, APIs, and infrastructure. Sigstore has emerged as the standard for signing and verifying container images and software artefacts.

The CNCF landscape tool

The CNCF Cloud Native Interactive Landscape is a searchable, filterable map of every project in the ecosystem. You can filter by maturity level, category, or license.


The landscape changes continuously. New projects join, existing projects graduate, and some are archived. Check landscape.cncf.io directly for the most current view rather than relying on any static screenshot.

Civo and the CNCF

Civo is a certified Kubernetes provider, meaning all Civo clusters pass the CNCF Kubernetes Conformance Test Suite. This guarantees that standard Kubernetes APIs and workloads run as expected on Civo, the same as on GKE, EKS, or any other conformant distribution.

Civo uses k3s, which is itself a CNCF graduated project, for all managed Kubernetes clusters. You get the full Kubernetes API with faster provisioning and lower resource overhead.
