CNCF Landscape: Runtime
The Runtime category (score: 1.262, growing at 1.1x) provides the foundational layer that all cloud native applications depend on: how containers run, how they communicate, and how they store data.
Cilium: The eBPF Networking Revolution
Cilium, at 24,019 stars and 3,681 forks (graduated), is redefining Kubernetes networking using eBPF (extended Berkeley Packet Filter). It replaces traditional iptables-based networking with programmable, kernel-level packet processing.
Cilium's eBPF approach provides L3/L4 network policy enforcement, transparent encryption (mTLS), bandwidth management, and deep network observability — all without requiring application changes or sidecar proxies.
Key capabilities: eBPF-based networking, L7 policy enforcement, transparent encryption, Hubble observability, Cluster Mesh for multi-cluster networking, Gateway API implementation, and Tetragon security observability.
containerd: The Container Runtime Standard
containerd, at 20,506 stars and 3,858 forks (graduated), is the industry-standard container runtime. It has been the default runtime in Docker and Kubernetes since 2020, handling image pulling, unpacking, and container lifecycle management.
containerd is the invisible workhorse of cloud native. Every pod on your cluster goes through containerd for image management. Its OCI-compliant design and CRI (Container Runtime Interface) implementation make it interchangeable with other runtimes.
Key capabilities: OCI image management, CRI implementation, image signing and verification, snapshot management, and support for multiple image formats.
Rook: Storage Orchestration
Rook, at 13,434 stars and 2,818 forks (graduated), turns storage systems into Kubernetes-native resources. It orchestrates Ceph, NFS, and other storage backends through Kubernetes Custom Resource Definitions.
Rook makes persistent storage as declarative as compute. You define a CephCluster or NFS provisioner, and Rook handles provisioning, scaling, and management. It's the most popular way to run Ceph on Kubernetes.
Key capabilities: Ceph orchestration via CRDs, NFS provisioning, CSI driver support, storage pool management, disaster recovery, and monitoring dashboards.
Longhorn: Cloud Native Block Storage
Longhorn, at 7,620 stars and 696 forks (graduated), provides lightweight, reliable block storage for Kubernetes. It uses its own engine for replica management, snapshotting, and backup.
Longhorn is ideal for teams that need persistent storage without the complexity of Ceph. It provides one-click provisioning, incremental backups, disaster recovery, and cross-cluster replication.
Key capabilities: Lightweight block storage, built-in replication, instant snapshots and backups, live migration, disk scheduling, and a web UI for management.
The eBPF Paradigm Shift
Cilium represents a fundamental shift in how we think about networking in Kubernetes:
| Traditional Networking | Cilium eBPF |
|---|---|
| iptables-based rules | Kernel-level programmable filtering |
| Sidecar proxy for L7 | Native L7 policy enforcement |
| Best-effort observability | Deep packet-level observability |
| Complex rule chains | Declarative policy models |
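
To make the "declarative policy models" and "native L7 policy enforcement" rows concrete, here is a CiliumNetworkPolicy that restricts one workload at L3, L4 and L7 in a single resource. It is an added example, not taken from this page or from the Cilium project; the namespace, labels, port and paths are constructed for illustration.

```yaml
# Constructed example: the policy name, namespace, labels, port and paths
# are assumptions made for illustration.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: orders-api-ingress
  namespace: shop
spec:
  # The pods this policy protects. Once an ingress policy selects an
  # endpoint, ingress traffic that no rule allows is dropped.
  endpointSelector:
    matchLabels:
      app: orders-api
  ingress:
    # L3: only pods labelled app=storefront may connect. The match is on
    # workload identity (labels), not on pod IP addresses.
    - fromEndpoints:
        - matchLabels:
            app: storefront
      toPorts:
        # L4: only TCP port 8080 is reachable from those pods.
        - ports:
            - port: "8080"
              protocol: TCP
          # L7: only these HTTP requests are allowed on that port.
          # "path" is a regular expression matched against the request path.
          rules:
            http:
              - method: GET
                path: "/orders/[0-9]+"
              - method: POST
                path: "/orders"
```

Traffic to the selected pods that the policy drops or denies is visible as flows in Hubble, which is where to confirm the policy matches what was intended before relying on it.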
See Also
- CNCF Landscape Overview — All 8 categories
- Container Building and Hardening Guide — Production container security