Skip to content
Switch branches/tags


Failed to load latest commit information.
Latest commit message
Commit time

GitHub release CI PkgGoDev Go Report Card CII Best Practices

Cybozu Kubernetes Engine

Kubernetes certification logo

CKE (Cybozu Kubernetes Engine) is a distributed service that automates Kubernetes cluster management.

Project Status: GA


CKE requirements

Node OS Requirements

  • Docker: etcd data is stored in Docker volumes.
  • A user who belongs to docker group
  • SSH access for the user


  • Bootstrapping and life-cycle management.

    CKE can bootstrap a Kubernetes and etcd cluster from scratch. CKE can also add or remove nodes to/from the Kubernetes and etcd cluster.

  • In-place and fast upgrade of Kubernetes

    A version of CKE corresponds strictly to a single version of Kubernetes. Therefore, upgrading CKE will upgrade the managed Kubernetes.

    Unlike kubeadm or similar tools, CKE can automatically upgrade its managed Kubernetes without draining nodes. The time taken for the upgrade is not proportional to the number of nodes, so it is very fast.

  • Graceful rebooting of nodes

    CKE can reboot specified nodes gracefully using the Kubernetes eviction API.

  • Managed etcd cluster

    CKE manages an etcd cluster for Kubernetes. Other applications may also store their data in the same etcd cluster.

    Details are described in docs/

  • CRI runtimes

    In addition to Docker, CRI runtimes such as containerd or cri-o can be used to run Kubernetes Pods.

  • Certificate for admission webhooks

    Admission webhooks are Kubernetes extension to validate or mutate API resources. Installing them requires some sort of self-signed X509 certificates.

    CKE can become a certificate authority (CA) and issue certificates for these webhooks.

  • Kubernetes features:

  • User-defined resources:

    CKE automatically creates or updates Kubernetes API resources such as Deployments, Namespaces, or CronJobs that are defined by users. This feature helps users to automate Kubernetes cluster maintenance.

  • Sabakan integration

    CKE can be integrated with sabakan, a service that automates physical server management, to generate cluster configuration automatically.

    Sabakan is not a requirement; cluster configuration can be supplied externally by a YAML file.

  • High availability

    CKE stores its configurations in etcd to share them among multiple instances. Etcd is also used to elect a leader instance that exclusively controls the Kubernetes cluster.

  • Operation logs

    To track problems and life-cycle events, CKE keeps operation logs in etcd.


This repository contains these programs:

  • cke: the service.
  • ckecli: CLI tool for cke.
  • cke-localproxy: an optional service to run kube-proxy on the same host as CKE.

To see their usage, run them with -h option.

Getting started

A demonstration of CKE running on docker is available at example directory.


docs directory contains tutorials and specifications.


Run CKE with docker

$ docker run -d --read-only \
    --network host --name cke \ [options...]

Install ckecli and cke-localproxy to a host directory

$ docker run --rm -u root:root \
    --entrypoint /usr/local/cke/install-tools \
    --mount type=bind,src=DIR,target=/host \

Docker images

Docker images are available on


Please report bugs / issues to GitHub issues.

Feel free to send your pull requests!


CKE is licensed under MIT license.