When adopting cloud-native technologies, one of the most critical questions is "which open source projects can be trusted in production?" The Graduated status from CNCF (Cloud Native Computing Foundation) is the highest level of certification, proving that a project is mature and has extensive production adoption. Kubo, as a K3s-based Kubernetes platform, has strong affinity with these CNCF Graduated projects. This article provides a comprehensive category-by-category guide to all Graduated projects as of 2025.
What CNCF Graduated Means: A Seal of Trust
To achieve Graduated status from CNCF, projects must meet rigorous criteria:
- Broad Production Adoption: Proven usage in production at multiple organizations
- Healthy Community: Diverse contributors and active development
- Security Audit: Completion of third-party security audits
- Governance: Clear project governance and decision-making processes
- Mature Documentation: Comprehensive documentation and user guides
According to the CNCF Annual Report 2025, CNCF hosts over 230 projects with more than 300,000 contributors. Graduated projects represent the elite tier.
Captain.AI leverages these CNCF Graduated projects to provide AI-powered assistance for building and operating Kubernetes environments.
Orchestration and Runtime
Kubernetes -- The Container Orchestration Standard
Kubernetes was CNCF's first Graduated project and is the de facto standard for container orchestration. It automates the deployment, scaling, and management of containerized applications.
containerd / CRI-O -- Container Runtimes
containerd and CRI-O are lightweight container runtimes for Kubernetes. As CRI (Container Runtime Interface)-compliant runtimes independent of the Docker daemon, they are widely adopted in production.
Crossplane -- Infrastructure Orchestration
Crossplane achieved Graduated status in 2025, enabling declarative management of cloud infrastructure through the Kubernetes API. AWS, GCP, and Azure resources can be managed uniformly as Kubernetes manifests.
Knative -- Serverless
Knative achieved Graduated status in October 2025. According to the CNCF announcement, it provides an event-driven application layer on Kubernetes with native support for auto-scaling and scale-to-zero.
KEDA -- Event-Driven Autoscaling
KEDA is an event-driven autoscaler that scales Kubernetes workloads based on external event sources such as Kafka, RabbitMQ, and Azure Queue.
KubeEdge -- Edge Computing
KubeEdge extends Kubernetes to edge devices, enabling unified management across cloud and edge environments.
Kubo benefits from these orchestration technologies as a lightweight K3s-based Kubernetes platform spanning edge to cloud.
Observability
Prometheus -- The Metrics Collection Standard
Prometheus is the foundation of Kubernetes monitoring with its pull-based metrics collection and PromQL query language. See our Prometheus monitoring guide on this blog for details.
OpenTelemetry -- Unified Observability
OpenTelemetry is a vendor-neutral framework that unifies traces, metrics, and logs. Supported by over 90 observability vendors, it has established itself as the industry standard.
Jaeger -- Distributed Tracing
Jaeger is a distributed tracing backend for microservice environments. It visualizes the complete picture of requests and helps identify performance bottlenecks.
Fluentd -- Log Collection
Fluentd is an open-source data collector providing a unified logging layer. With over 500 plugins, it supports diverse data sources and destinations.
Captain.AI integrates and analyzes data from these observability tools using AI, automating early incident detection and response.
Networking and Service Mesh
Cilium -- eBPF-Based Networking
Cilium is a CNCF Graduated project that leverages eBPF technology to provide L3-L7 networking, security, and observability. It offers higher performance than iptables-based networking and an identity-based security model.
Envoy -- Service Proxy
Envoy is a high-performance service proxy developed at Lyft. Used as the foundation for Istio and many service meshes, it provides L7 traffic management, load balancing, and observability.
CoreDNS -- Service Discovery
CoreDNS is the default DNS server for Kubernetes. Its plugin-based architecture enables flexible customization of DNS-based service discovery.
Istio -- Service Mesh
Istio is a service mesh that manages communication between microservices. It transparently provides traffic management, security (mTLS), and observability.
Linkerd -- Lightweight Service Mesh
Linkerd is a lightweight, simple service mesh for Kubernetes. It delivers mTLS, metrics, and retries with minimal configuration.
Security and Compliance
cert-manager -- Automated TLS Certificate Management
cert-manager automates TLS certificate issuance and renewal on Kubernetes. It supports multiple certificate authorities including Let's Encrypt and HashiCorp Vault.
Falco -- Runtime Security
Falco is a cloud-native runtime security engine that monitors Linux kernel system calls and detects abnormal behavior at the container and host level in real time.
OPA (Open Policy Agent) -- Policy Engine
Open Policy Agent is a general-purpose policy engine for cloud-native environments. It handles Kubernetes admission control, API authorization, and data filtering.
Kyverno -- Kubernetes-Native Policy
Kyverno is a Kubernetes-native policy engine. Policies are written in YAML without requiring the Rego language, offering an intuitive user experience.
SPIFFE / SPIRE -- Workload Identity
SPIFFE defines the workload identity standard, while SPIRE is its implementation. Together they automate service-to-service authentication, providing the foundation for zero-trust security.
in-toto / TUF -- Software Supply Chain
in-toto and TUF (The Update Framework) are frameworks that guarantee software supply chain integrity, cryptographically verifying each stage from build to deployment.
Storage, Registry, and CI/CD
Rook / CubeFS -- Cloud-Native Storage
Rook is a storage orchestrator that automates Ceph management on Kubernetes. CubeFS is a large-scale distributed file system.
Harbor / Dragonfly -- Container Registry
Harbor is an enterprise container registry. Dragonfly is a P2P-based container image distribution system.
Argo -- CI/CD and GitOps
Argo is a Kubernetes-native CI/CD toolset comprising Argo CD (GitOps), Argo Workflows (workflow engine), and Argo Rollouts (progressive delivery).
Flux -- GitOps
Flux is a GitOps tool that automatically synchronizes Git repository state to clusters. It is one of the two major GitOps projects alongside Argo CD.
Helm -- Package Manager
Helm is the package manager for Kubernetes applications. Using templates called Charts, it simplifies the distribution and deployment of complex applications.
Additional Projects
- Dapr -- Distributed application runtime
- CloudEvents -- Event data specification standard
- etcd -- Distributed key-value store (Kubernetes' foundation)
- TiKV -- Distributed transactional key-value store
- Vitess -- MySQL scaling solution
Kubo and the CNCF Ecosystem
Kubo is a lightweight K3s-based Kubernetes platform with strong affinity for CNCF Graduated projects:
| Category | Kubo Usage |
|---|---|
| Orchestration | K3s (Kubernetes-conformant) as the base |
| Monitoring | Prometheus + Grafana for standard monitoring |
| Networking | Cilium / CoreDNS for high-performance networking |
| Security | cert-manager for automated TLS management |
| CI/CD | Argo CD / Flux for GitOps deployments |
| Storage | Rook/Ceph for persistent storage |
| Registry | Harbor for private container registry |
As the CNCF project velocity report shows, the cloud-native ecosystem is growing at an accelerating pace. Kubo is a platform that maximizes the benefits of this ecosystem.
Combining Captain.AI with Kubo creates an intelligent platform where AI assists in building and operating production environments that leverage CNCF Graduated projects.
Conclusion
As of 2025, there are 36 CNCF Graduated projects covering every area of cloud-native technology:
- Graduated status certifies broad production adoption, security audits, and mature governance
- Centered on Kubernetes, the ecosystem covers orchestration, observability, networking, and security
- New 2025 graduates Crossplane and Knative strengthen IaC and serverless capabilities
- Cilium and OpenTelemetry demonstrate the maturation of innovative eBPF and observability projects
- The entire ecosystem works together organically to form a comprehensive cloud-native foundation
Kubo seamlessly integrates with these CNCF Graduated projects on a K3s base, delivering enterprise-grade cloud-native environments. If you are interested in leveraging the CNCF ecosystem, explore Kubo.
For AI-powered cloud-native operations automation, see Captain.AI. For consultations, reach out through our contact page.