From YouTube: The CNCF Sandbox: An Exploration and Guided Tour - Justin Cormack, Chief Technology Officer, Docker
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon North America 2021 in Los Angeles, CA from October 12-15. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
A
A lot in the last year in CNCF is the sandbox, so the sandbox is now home for a huge variety of projects to experiment with new things in cloud native and innovate, and it's, these are the projects you'll all be using in a few years time, and some of you are using right now, and they're great places to hack and develop and explore new ideas, and we're really excited that now we have over 40, nearly 50 probably by the time you hear this, sandbox projects, and there's a huge diversity of them, and I'm going to try and run through almost all of them in 15 minutes.
A
Next, we have streaming and messaging tools. Streaming data and stream processing is a really important part of cloud native applications and lots of people are using them and getting a lot of value from that kind of architecture.
A
Pravega is a whole new streaming database design. It's in the same kind of family as Kafka, but it's designed to support persistent storage, auto scaling, efficiency with a lot of partitions, while delivering exactly once semantics and low latency, all running on Kubernetes. Tremor is also a new event processing system. It's an early stage project written in Rust, one of many Rust projects we have in CNCF.
A
Now we had a Rust day earlier this week and it's exciting to see that community we're starting to work on interesting cloud native projects. So Tremor is designed to replace tools such as Logstash or Telegraf for getting JSON log data out into your system at high performance and high volume, and it supports back pressure and rate limiting for a stable system, which is obviously really important in production.
A
It's a Spotify project originally and it lets you build a whole developer portal for managing infrastructure with extensible UX and extensible service catalog and plugins that allow your teams to manage their own infrastructure from a simple UI. KUDO is a toolkit for writing Kubernetes operators, so you've been excited about operators in the stock so far, take a look at it.
A
KubeVirt is a tool for running VM workloads, not just container workloads, on Kubernetes, so if you haven't containerized everything and you want to run one set of infrastructure for all your applications, take a look and run your legacy applications in the same infrastructure. Porter is an application packaging tool from the CNAB specification, so it bundles up a set of components with instructions for how to deploy them, how to upgrade them and so on.
A
It's a very generic specification and Porter is the kind of tool that works with all these CNAB things. And Telepresence is a useful tool for remote debugging your apps while they're actually running in Kubernetes, in production or in staging. So you can debug on your local workstation using local tools, while your application is actually running remotely in Kubernetes.
A
Keptn manages application lifecycle automation. So if you want to have a GitHub style delivery pipeline, but you don't want to roll out code unless it actually passes service level objectives, then this is what you need, so it can roll out from, say, staging to production if the code is meeting the quality gates.
A
This takes us nicely into observability, and the areas around that. So OpenMetrics is standardizing the Prometheus format to make it an IETF standard. So it's not just the app, you know, they're just, not just the format used by Prometheus, but it's also being widely used elsewhere, because it's a really simple, easy to understand.
A
So if you're making a dashboard system, for example, it can make it much faster by caching frequently used data, but it can also add special optimizations that apply specifically to time series data, such as exactly aligning your time series requests on, say, one second boundaries to make them faster. OpenTelemetry is a telemetry service for traces and metrics and logs. Now this project really shows what you can do in the sandbox.
A
It was actually a merger of OpenTracing and OpenCensus projects to make a uniform interface for users, and it's seeing a lot of adoption as just applying for incubation now, but it really shows that you can, you know, projects can really morph and change in sandbox and projects can work together and work out how to grow.
A
So far we have one Kubernetes, just hold Kubernetes distribution in the sandbox, so k3s is built for IoT and edge use cases, which are becoming really popular with Kubernetes and really growing area. So it's lighter weight environments. Users can use SQLite instead of etcd and more things targeted at that kind of environment. Also runs well on ARM servers.
A
BFE is a layer 7 application load balancer with support for things like HTTPS, obviously, and WebSockets, and TLS and flexible routing policies. The Service Mesh Interface is a specification for service meshes. It covers the common feature sets like traffic encryption, telemetry, whichever one everyone using service meshes is using. So it allows you to switch to a different service mesh that meets the spec and use common tooling. Open Service Mesh is a simple Envoy-based service mesh, actually implements Service Mesh Interface, so it's, you know, covers those basics.
A
Kuma is another Envoy-based service mesh designed to bridge Kubernetes and virtual machines with a single control plane. Network Service Mesh is for people who need to connect containers to different network protocols. So if you're using raw Ethernet or MPLS or L2TP, for example, like lots of telco applications are, this is something that you might want to check out.
A
CNI-Genie lets you connect to different CNI, so Kubernetes networking implementations, on the same cluster, so you can give pods connectivity to multiple CNI plug-ins. So, if you're doing interesting things with networking, take a look at that. And Kube-OVN lets you use OVN networks with Kubernetes. So if you're integrating into your enterprise network where you're using encapsulated packets, then you might want to use that as your CNI. We've got three storage projects in the sandbox. Longhorn provides replicated block storage and management.
A
So that's useful if you, you know, if you need replicated highly available block stores. OpenEBS supports local or replicated storage volumes. It uses a fork of one of the Longhorn providers and some various other options. ChubaoFS is not a block store, but it's actually POSIX and S3 compatible file-based storage, if you're looking for file storage for your applications. Provisioning is another area where you've got several interesting projects.
A
Metal Cubed, see, there's cool name, cubed, it's a provisioning tool that runs inside Kubernetes to provision bare metal hosts as an operator that talks to IPMI controllers and provision servers and has into your clusters. So that's interesting. And then Tinkerbell. It's another bare metal provisioning project, came out of Packet, now Equinix Metal, divides into, you know, five components for managing different parts, DHCP, OS installs and power and boot control, and things like that. So a very interesting project.
A
Lots of work going on there. OpenYurt, there's another Kubernetes on the edge project. So you can see lots of edge work going on, supporting nodes that might go offline, edge clusters which need to sync back to a cloud control plane. We've got, there's lots of different edge work at different stages, because a lot of people are doing K8s at the edge, so there's lots of projects, and since you have to look out for if you're doing that. I know for something different. Cloud
A
Custodian is actually a tool for policy definition enforcement in public clouds. So if you're using public cloud and you want to check, you know, your certificates are about to expire, or check policies on, say, machine images and storage bucket policy, then use that. Which brings us really into the whole security and compliance section. There's actually a lot of projects here. I think a lot of these projects are really exciting.
A
It's like great to see security projects in CNCF, because it's one of the areas I'm particularly interested in. cert-manager is an incredibly useful project which can manage all your Kubernetes cluster certificates and automatically renew them and so on.
A
Parsec is another hardware security project, Platform Abstraction for Security it's short for. It's designed to abstract over hardware cryptography to cryptography. So if applications want to talk to hardware crypto modules on the machine, it can use Parsec. Curiefense is a web application firewall that can be deployed in Envoy or standalone to control traffic reaching your application. Dex is an OpenID Connect and OAuth 2 provider. So if you want to authenticate users into your cluster, that's incredibly useful.
A
Kyverno is a policy agent and admission controller for Kubernetes. It's really much simpler than Open Policy Agent. It's designed for very simple use cases. If you want to, for example, just say I don't want to run privileged containers, this might be easier for you. It doesn't have a whole programming language like Open Policy Agent, but just has simple composable policies. And Athenz is an experiment and certificate manager to give applications dynamic certificates and provide service identity.
A
Sorry Distribution, you didn't get in, and a couple of others that we let in and a couple of others that are going to be let in before KubeCon no doubt, but the sandbox is a really exciting place for projects, and it's where projects are, you know, again, the next generation of projects that you're all going to be using and coming from, and you can start using them now, start investigating them and find something to hack on.