65 KiB
65 KiB
Azure Core Container Upstream Projects
This list of projects is maintained by the Azure Core Container Upstream team. This list is intended to help you make informed decisions about what projects to use (or not use) in the context of your goals (e.g. proof of concept vs. production). To make this decision you need to consider your goals, your need for formal support, the project's maturity, governance, version level, and your willingness to work in open source.
Support
Projects listed on this page are open source that Microsoft maintain or contribute to. These projects are NOT covered by the Microsoft Azure support policy. To get help please search the open issues on the project using the links in the table. To communicate with the Azure Container Compute Upstream team please use the issues in this repo. If your issue isn't already represented, please open a new one. However, if you consume one of these projects as a part of a Microsoft or Azure product or service, you may be eligible for support through that product or service.
Project list
| Project Area | Project & (artifacts) | Goal | Project State & API Version |
Communication | Use on Azure |
|---|---|---|---|---|---|
| Kubernetes Cluster Management | |||||
| Cluster API Azure Provider (releases) Tests |
Self-managed clusters on Azure using Cluster API | CNCF: incubating API: v1alpha4 |
#cluster-api-azure kubernetes-sig-cluster-lifecycle@googlegroups.com GitHub issues |
||
| Image Builder (releases) Tests |
Tools for building Kubernetes disk images | #image-builder kubernetes-sig-cluster-lifecycle@googlegroups.com GitHub issues |
|||
| Cluster API Add-on Provider for Helm (releases) Tests |
Use Helm charts to manage the installation and lifecycle of Cluster API add-ons. | CNCF: incubating API: v1alpha1 |
#cluster-api kubernetes-sig-cluster-lifecycle@googlegroups.com GitHub issues |
||
| Cluster Autoscaler (releases) Tests |
Cluster Autoscaler is a tool that automatically adjusts the size of the Kubernetes cluster. | Kubernetes: stable | #sig-autoscaling kubernetes-sig-autoscaling@googlegroups.com GitHub issues |
||
| Cluster Autoscaler Provider Azure (releases) Tests |
Azure provider for running Cluster Autoscaler on AKS and Azure self-managed clusters. | Kubernetes: stable | #sig-autoscaling kubernetes-sig-autoscaling@googlegroups.com GitHub issues |
||
| Multi-Cluster Service APIs (MCS) (releases) |
Kubernetes standard APIs for multi-cluster service controller implementations. | Kubernetes: alpha | #sig-multicluster kubernetes-sig-multicluster@googlegroups.com GitHub issues |
||
| Kubernetes Enhancements | |||||
| Windows containers (kubernetes releases) Tests |
Run Windows server containers with Kubernetes | Kubernetes: stable API: N/A |
#sig-windows kubernetes-sig-windows@googlegroups.com Windows Community Forum GitHub issues |
||
| IPv4/v6 Dual-Stack (kubernetes releases) Tests |
IPv4/IPv6 dual-stack enables the allocation of both IPv4 and IPv6 addresses to Pods and Services. | Kubernetes: IPv6: beta Dual-stack: GA |
#sig-network kubernetes-sig-network@googlegroups.com GitHub issues |
||
| KMSv2 (blog (alpha) blog (beta)) |
Encryption at rest of Kubernetes data in etcd using Key Management Service (KMS) v2 API | Kubernetes: GA API: v2 |
#sig-auth-kms-dev GitHub issues |
||
| Structured Authentication Configuration (blog (beta)) |
Structured authentication configuration in the Kubernetes API server. Initially, only a jwt configuration will be supported, which will serve as the next iteration of the existing OIDC authenticator. |
Kubernetes: beta API: v1beta1 |
#sig-auth-authenticators-dev GitHub issues |
||
| Structured Authorization Configuration (blog (beta)) |
Structured authorization configuration in the Kubernetes API serverintroducing a more structured and versatile way to configure the authorization chain, focusing on enabling multiple webhooks and providing explicit control mechanisms. | Kubernetes: beta API: v1beta1 |
#sig-auth-authorizers-dev GitHub issues |
||
| Move Storage Version Migrator in-tree | Move storage version migrator in-tree to make it easy for users to perform storage migrations. | Kubernetes: alpha API: v1alpha1 |
#sig-api-machinery-storageversion-dev GitHub issues |
||
| Cloud Native Governance and Security | |||||
| OPA Gatekeeper (releases) |
K8s native Open Policy Agent policy enforcement | Azure: GA (AKS and Arc) CNCF: graduated API: Config: v1alpha1; ConstraintTemplate: v1; Constraints: v1beta1; Mutation: v1; External Data: v1beta1 |
#kubernetes-policy GitHub issues |
||
| Secrets Store CSI Driver (releases) Builds |
Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume | Kubernetes: GA API: v1 |
#csi-secrets-store GitHub issues |
||
| Azure KeyVault Provider for Secrets Store CSI Driver (releases) |
Enables mounting AKV secrets as volumes in K8s pods | Azure: GA (AKS and Arc) API: N/A |
GitHub issues | Use with AKS | |
| KMS Plugin for Key Vault (releases) |
Enables encryption at rest of Kubernetes data in etcd using Azure Key Vault | Azure: GA (AKS) API: N/A |
GitHub issues | Use with AKS | |
| Azure Workload Identity (releases) |
Uses Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods based on Workload Identity federation | Azure: GA (AKS) API: N/A |
GitHub issues | How to use (OSS) How to use (AKS) |
|
| Eraser (releases) |
Cleaning up images from Kubernetes nodes | CNCF: sandbox Azure: GA (AKS) API: v1 |
#eraser GitHub issues |
How to use (OSS) How to use (AKS) |
|
| Copacetic (releases) | CLI tool for directly patching container images using reports from vulnerability scanners | CNCF: sandbox | #copa GitHub issues |
How to use | |
| DALEC (releases) | Produce secure packages and containers with declarative configurations | Azure: incubating | GitHub issues | How to use | |
| Cloud Native Service Mesh | |||||
| Istio | The leading service mesh on Kubernetes | CNCF: graduated APIs: experimental, alpha, beta, stable |
Istio Slack GitHub issues |
Deploy Istio addon on AKS | |
| Gateway API | A sig-network subproject that establishes a specification for service networking in Kubernetes (ingress and service mesh) | Kubernetes: v1beta APIs: Standard and Experimental |
#gateway-api in Kubernetes Slack GitHub issues |
Use application gateway for containers | |
| Envoy Proxy | A high performance, cloud-native proxy | CNCF: graduated | Envoy Slack GitHub issues |
||
| Container Runtime | |||||
| Moby (releases) |
Toolkit for app containerization | #opencontainers Moby Forums GitHub issues |
|||
| Containerd (releases) |
Complete container lifecycle management on Linux and Windows hosts | CNCF: graduated API: N/A |
#opencontainers dev@opencontainers.org GitHub issues |
||
| Containerd runwasi (releases) |
Facilitates running Wasm / WASI workloads managed by containerd | CNCF: alpha | #runwasi GitHub issues |
||
| Containerd Wasm Shims (releases) |
containerd shims for running WebAssembly workloads in Kubernetes | DeisLabs: alpha | #GitHub Issues | ||
| Platforms | |||||
| Brigade | Event-driven scripting for Kubernetes | CNCF: Archived API: v2 |
#brigade channel on Kubernetes Slack GitHub Issues |
||
| Deployment Tools | |||||
| Porter | Package your application artifact, client tools, configuration and deployment logic together as a versioned bundle that you can distribute, and then install with a single command | CNCF: Sandbox Stable: v0.38.x Prerelease: v1.0.0-alpha |
Mailing list, slack, etc Project Board |
Azure Service Operator, Azure Trusted Research Environments | |
| CNAB Specification | Cloud Native Application Bundle Specification implemented by Porter | Spec: 1.1 | #cnab on CNCF Slack Issues |
||
| Web Assembly / WASI | |||||
| SpiderLightning | SpiderLightning defines a set of *.wit files that abstract distributed application capabilities, such as key-value, messaging, http-server/client and more. | DeisLabs: alpha v0.3.2 | GitHub Issues | AKS WASI Node Pools | |
| Past Projects | |||||
| AKS Engine (releases) |
Self-managed clusters on Azure | Azure: Deprecated. Consider using AKS or Cluster API Azure Provider |
|||
| Virtual Kubelet (releases) |
Enable services to masquerade as kubelet - serverless | CNCF: sandbox API: N/A |
#virtual-kubelet GitHub issues |
AKS Virtual Nodes | |
| AAD Pod Identity (releases) |
Enables K8s applications to access cloud resources securely with Azure Active Directory | Azure: Archived API: v1 |
GitHub issues GitHub Project |
Use with AKS | |
| Service Mesh Interface (SMI) Spec | A standard interface for service meshes on Kubernetes | Deprecated; consider using Gateway API | #smi GitHub issues |
||
| Open Service Mesh (OSM) | A lightweight, extensible, cloud native service mesh | Deprecated; consider using Istio | #openservicemesh GitHub issues |
Maturity
Open source project maturity can be assessed on many dimensions including age, number of contributors, diversity of contributor employers, and many more. Two you should consider are represented in the table as:
- Project state - The first entry in the Maturity column represents the project's status. Projects in the CNCF (kubernetes, kubernetes-sigs, prometheus, etc) use the CNCF maturity model. Projects in the Azure, Microsoft, or deislabs GitHub orgs are working towards using the graduation guidelines defined in this repo.
- API or Feature Versions if relevant, are listed as the second entry of the Maturity column, and follow the Kubernetes convention except where noted
Jobs
Interested in joining our team at Microsoft? Please take a look at jobs to see current openings.