The Top 12 CNCF Sandbox Projects of 2021

If you work with container technology and cloud platforms, it is nearly impossible to not have heard of the Cloud Native Computing Foundation (CNCF). The CNCF organization promotes innovations in accessible container technology by supporting open-source, vendor-neutral projects in the cloud-native ecosystem. Its first, and perhaps most famous, project was the container orchestration platform Kubernetes, which has continued to lead and shape the industry. Since then, CNCF has continued to develop open-source tools, standards, and resources that have formed the core of the cloud strategy of hundreds of organizations around the globe.

The CNCF’s technical oversight committee (TOC) meets regularly to vote to decide which projects are accepted into the foundation. Projects are ranked according to three maturity levels: Sandbox, Incubating, and Graduated — listed in increasing order of maturity. The criteria for each maturity level depends on adoption by end users, quality of end products, and adherence to standards for security, governance, committers, and infrastructure. Sandbox projects are usually projects in the early stages of development that show promise. I’ve gathered some of the rising Sandbox projects added by the CNCF in 2021 for you, so that you can take a look at the tools that are driving the future of cloud-native technology.

1. Antrea

Antrea is a Kubernetes-native network stack that was added to the CNCF Sandbox in May 2021. Antrea enables network connectivity and security for pods in Kubernetes clusters. It does this by implementing the Container Network Interface (CNI) and enforcing Kubernetes Network Policy API — which applies network traffic filtering rules to pods. Antrea builds on top of Open vSwitch (OVS) to create a unified network stack for Kubernetes workloads across clouds and operating systems. In essence, Antrea simplifies pod networking while ensuring that your pod workloads remain secure.

2. ChaosBlade

Created by Chinese e-commerce and technology giant Alibaba in 2019, ChaosBlade is an open-source chaos engineering experiment toolkit that was accepted into the CNCF in May, 2021. Chaos engineering is essentially the practice of experimenting on a software system to test the limits of its resilience to adverse conditions and situations. ChaosBlade adopts the principles of chaos experimental models to assess the fault tolerance of distributed container-based architectures as businesses make the transition to cloud-native systems. The ultimate purpose of a tool like ChaosBlade is business continuity — even in the face of catastrophic systems failure.

Image Source: Piqsels

3. Karmada

Karmada, short for Kubernetes Armada, is a project that enables multi-cloud and multi-cluster Kubernetes orchestration — a powerful tool for a hybrid or multi-cloud strategy. Karmada became available in July 2021 and was accepted into the CNCF in September of the same year. Karmada allows enterprises to seamlessly migrate their applications across Kubernetes clusters and clouds without changes — preventing vendor lock-in. Karmada offers users centralized management for clusters on-premises, in the cloud, and at the edge. It also provides failure recovery, high availability, and traffic scheduling for your cloud-native workloads.

4. Krustlet

Krustlet is a kubelet written in Rust. What does that mean? A kubelet is an agent that runs on each node in a Kubernetes cluster and ensures that containers are running in a pod. Rust is a programming language that prioritizes speed and efficiency, making it ideal for low-spec systems and performance-critical services. Krustlet is used to run WebAssembly workloads in your Kubernetes clusters using a wasmtime-based runtime rather than a container runtime. It listens for new pods on the event stream that are then assigned to it by a scheduler based on specific Kubernetes tolerations.

5. Kube-OVN

Accepted to the CNCF Sandbox in January 2021, Kube-OVN integrates the Open Virtual Network (OVN) — a system that enables virtual network abstraction — with Kubernetes. Kube-OVN offers enterprises an advanced Container Network Fabric that is easy to use and feature rich.

6. Kuberhealthy

Kuberhealthy is a monitoring tool that was added to the CNCF Sandbox in March 2021. Kuberhealthy is an operator (a software extension to Kubernetes that uses custom resources to manage apps) that performs synthetic checks on containers running in a cluster. Using synthetic test containers that run in checker pods, Kuberhealthy generates metrics about the basic functionality of a Kubernetes cluster that can then be sent to Prometheus and InfluxDB.

7. KubeVela

KubeVela is another tool that can support a successful hybrid cloud strategy and prevent vendor lock-in issues. With a sailboat as its logo, KubeVela positions itself an application delivery platform that allows you to ship applications across hybrid and multi-cloud environments quickly, easily, and reliably. KubeVela is application-centric, programmable, and infrastructure agnostic. It has the ability to deploy any type of workload to any cloud or Kubernetes cluster.

8. Meshery

Meshery was created by Layer5 and joined the ranks of the CNCF in October 2021 as a service mesh management plane. A service mesh is the infrastructure layer deployed on a Kubernetes cluster that lets you manage communication among an application’s microservices. Meshery gives you a plane to set up, deploy, and benchmark several service mesh solutions available on the market. With Meshery, you can apply custom configurations based on industry best practices to your service mesh and monitor its performance.

Image Source: Pixabay

9. Pixie

Pixie was accepted into the CNCF Sandbox in June 2021 as a Kubernetes monitoring tool. Pixie is a Kubernetes-native, in-cluster monitoring platform that is auto-instrumented, scriptable, and easy for developers to use. Pixie gives users immediate observability into their applications running on Kubernetes through a single command. Within seconds, Pixie can collect metrics, full-body requests, and network data — helping you spot sources of latency.

10. Submariner

Like Antrea and Kube-OVN, Submariner is a cloud-native networking tool that was added to the CNCF Sandbox in 2021. Submariner allows pods and services in different Kubernetes clusters across hybrid and multi-cloud environments to directly network with each other. Submariner’s design is network plugin (CNI) agnostic and completely open source. It is easily adopted by enterprises looking to deploy applications and services across data centers and regions.

11. Trickster

The CNCF voted Trickster into the organization in March 2021. Trickster is an open-source HTTP reverse proxy cache and a time series dashboard accelerator. A reverse proxy is a server that sits in front of the origin server of a website and directs client requests to the server. By caching content, a reverse proxy can result in faster performance and responses to requests, which is what Trickster does. As a time series database accelerator, Trickster significantly reduces the time it takes to render a dashboard chart by eliminating redundant computations.

12. WasmEdge Runtime

Admitted into the CNCF in April 2021, WasmEdge is a cloud-native WebAssembly runtime for edge and decentralized applications. As a lightweight and high-performance runtime, WasmEdge is currently the fastest Wasm VM in circulation. WasmEdge has been used so far to power microservices, embedded functions, serverless apps, IoT devices, and smart contracts.


As organizations migrate to the cloud, the importance of the open-source projects and democratic standards supported by the CNCF become increasingly apparent. The CNCF is driving the forefront of innovation in the new cloud-native landscape. It unifies and integrates diverse and complex toolsets to be more accessible to developers and end users. These Sandbox projects can give you a glimpse into the direction of the future of cloud computing and help you build your own fully featured Kubernetes toolchain.

Featured Image Source: Pexels

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top