The CNCF landscape explained: Cloud native projects and how to navigate them
Understand the CNCF landscape and what each category means. Covers graduated projects, maturity levels, and the key tools dominating container orchestration, observability, storage, and networking.
3 lessons · 10 min · Beginner
Written by
Marketing Team at Civo
Written by
Marketing Team at Civo
The Cloud Native Computing Foundation (CNCF) is a vendor-neutral organisation hosted by the Linux Foundation. It provides a home for open-source projects that form the backbone of modern cloud infrastructure. Kubernetes, Prometheus, Helm, and over 170 other projects live under the CNCF umbrella.
Understanding the CNCF landscape helps you make better tool choices. Rather than evaluating every option from scratch, the landscape tells you which projects have proven production adoption, which are still experimental, and which category of problem each tool solves.
How CNCF project maturity works
Every project in the CNCF moves through three maturity levels:
Sandbox is the entry point for early-stage projects showing promise. Sandbox projects are experimental and not recommended for production use without careful evaluation. They have met basic criteria but have limited production adoption.
Incubating projects have proven adoption in production environments. Requirements include a minimum of three production users, comprehensive documentation, and a defined governance process. Incubating projects are generally safe to adopt for non-critical workloads.
Graduated projects have completed an independent security audit, demonstrated broad adoption across multiple organisations, and meet the highest standards for stability and governance. Graduated projects are the safest choices for production infrastructure.
Graduated projects worth knowing
As of 2026 there are over 35 graduated projects. The ones you are most likely to encounter:
Key tools by category
The CNCF landscape covers hundreds of projects. These are the dominant tools in the categories you will encounter most often.
- Container orchestration: Kubernetes is the standard. k3s is a lightweight, CNCF-conformant distribution that runs the full Kubernetes API in a single binary under 100MB. Civo uses k3s for all managed clusters.
- Observability: Prometheus collects and stores metrics. Grafana visualises them. OpenTelemetry has become the standard framework for collecting metrics, logs, and traces from applications and infrastructure in a vendor-neutral way. Jaeger handles distributed tracing. Most observability tooling now integrates with OpenTelemetry as the collection layer.
- CI/CD and GitOps: Argo CD and Flux both implement GitOps, keeping your cluster state in sync with a Git repository. Both are now graduated projects with strong production adoption. Tekton provides pipeline primitives for building CI/CD workflows inside Kubernetes.
- Service mesh: Cilium now handles service mesh capabilities in addition to networking, using eBPF for high performance with lower overhead than proxy-based approaches. Istio and Linkerd remain widely used for proxy-based service mesh. Linkerd is simpler to operate, Istio has more configuration options.
- Container runtime: containerd is the default runtime for most Kubernetes distributions including k3s. CRI-O is an alternative designed specifically for Kubernetes. Docker is not supported as a direct Kubernetes runtime from Kubernetes 1.24 onwards.
- Networking (CNI): Cilium is the fastest-growing CNI, using eBPF for high performance, NetworkPolicy enforcement, and deep observability. Calico remains widely deployed in production. Flannel is simple and is the default CNI in k3s. Weave has been deprecated and should not be used in new clusters.
- Security: Falco provides runtime threat detection by monitoring system calls. OpenPolicy Agent enforces policy across Kubernetes admission, APIs, and infrastructure. Sigstore has emerged as the standard for signing and verifying container images and software artefacts.
The CNCF landscape tool
The CNCF Cloud Native Interactive Landscape is a searchable, filterable map of every project in the ecosystem. You can filter by maturity level, category, or license.

The landscape changes continuously. New projects join, existing projects graduate, and some are archived. Check landscape.cncf.io directly for the most current view rather than relying on any static screenshot.
Civo and the CNCF
Civo is a certified Kubernetes provider, meaning all Civo clusters pass the CNCF Kubernetes Conformance Test Suite. This guarantees that standard Kubernetes APIs and workloads run as expected on Civo, the same as on GKE, EKS, or any other conformant distribution.
Civo uses k3s, which is itself a CNCF graduated project, for all managed Kubernetes clusters. You get the full Kubernetes API with faster provisioning and lower resource overhead.

Marketing Team at Civo
Civo is the Sovereign Cloud and AI platform designed to help developers and enterprises build without limits. We bridge the gap between the openness of the public cloud and the rigorous security of private environments, delivering full cloud parity across every deployment. As a team, we are dedicated to providing scalable compute, lightning-fast Kubernetes, and managed services that are ready in minutes. Through CivoStack Enterprise and our FlexCore appliance, we empower organizations to maintain total data sovereignty on their own hardware.
Our mission is to make the cloud faster, simpler, and fairer. By providing enterprise-grade NVIDIA GPUs and streamlined model management, we ensure that high-performance AI and machine learning are accessible to everyone. Built for transparency and performance, the Civo Team is here to give you total control over your infrastructure, your data, and your spend.
Share this lesson