The Cloud Native Compute Foundation (CNCF) hosts an ecosystem of projects that help with cloud native applications – containerized applications running on Kubernetes as microservices.
Based on the maturity of the projects, they are classified as graduated, incubated, or sandbox. Most new projects start now in the sandbox.
The CNCF technical committee has in the last months reviewed two projects and moved them up one level.
These two projects support containerized applications in quite different ways. I’ll introduce them briefly and will also explain how SUSE is planning to use these projects.
Envoy is an open source edge and service proxy, designed for cloud-native applications. It runs besides containerized applications and spawns a “Service mesh” that allows the containers to communicate with each other in a reliable and observable way.
The next major version of SUSE CaaS Platform will include Cilium that enables network segregation and integrates also with Envoy to optimize networking between containers.
Envoy is also an essential component of the Istio project that we will use in SUSE Cloud Application Platform as well. As high performance L4/L7 proxy with a very small footprint it allows to route traffic between containers and also between clouds – with runtime configuration.
Harbor is an open source cloud native registry that stores, signs, and scans container images for vulnerabilities.
SUSE does not use Harbor, but instead uses Portus – a modular registry that builds on top of the Docker distribution project – and expands it with authentication and scanning.