CCC Managed Kubernetes Container Orchestration Capabilities
Capabilities for Managed Kubernetes Container Orchestration technologies, as defined by the FINOS Common Cloud Controls project.
- ID: CCC.K8S.F
- Version: v2026.06-rc4
- Gemara version: v1.2.0
- Author: FINOS Common Cloud Controls
Orchestration
The Orchestration group covers entries related to coordinating and managing workloads across distributed systems. This includes container orchestration, job scheduling, CI/CD pipelines, build automation, and service mesh management.
CCC.K8S.F01 Managed Kubernetes Control Plane
Provides a fully managed, highly available Kubernetes control plane with automatic updates and patching.
CCC.K8S.F02 Managed Node Pool
Provides fully managed Kubernetes worker nodes (compute resources). These nodes are provisioned, updated, patched, and monitored for you by the service.
CCC.K8S.F05 OCI Container Image Execution
Supports running containerized workloads using OCI-compliant images, providing an isolated execution environment for applications.
CCC.K8S.F06 Container Registry Integration
Enables integration with public or private container registries to retrieve container images for execution.
Compute
The Compute group covers entries related to processing, execution, and runtime infrastructure. This includes CPU, memory, storage allocation, network ports, command-line interfaces, and elastic scaling.
CCC.K8S.F03 Virtual Nodes
Ability to use fully managed virtual compute resources to power Kubernetes worker nodes. This eliminates the need to manage the underlying nodes.
CCC.K8S.F04 GPU Support
Support for GPU-accelerated workloads through integration of GPUs, enabling high-performance computing.
Data Resilience
The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.
CCC.ContOrch.F07 Storage Integration
Supports attaching ephemeral or persistent storage volumes to running containers in the Kubernetes cluster.
Networking
The Networking group covers entries related to network infrastructure, connectivity, and traffic management. This includes virtual networks, subnets, load balancing, DNS, routing, peering, and network-level access controls.
CCC.K8S.F08 Built-in Ingress Load Balancing
Built-in support for distributing incoming traffic across running container instances to optimize resource usage and availability.
CCC.K8S.F10 Private Cluster Endpoints
Ability to restrict access to the Kubernetes API server to private networks, ensuring the control plane is only accessible within your VPC.
CCC.K8S.F11 Service Mesh Integration
Ability to integrate with a managed service mesh offering from the cloud service provider for service discovery, traffic routing, observability, and security.
Resource Management
The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.
CCC.ContOrch.F09 Cluster Auto Scaling
Ability to automatically scale the number of worker nodes in the cluster based on workload demand, ensuring efficient resource utilization.
Access Control
The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.
CCC.K8S.F12 Secrets Integration
Ability to seamlessly integrate with a cloud-native secret manager service to securely manage and access secrets, such as API keys, database credentials, or certificates, within Kubernetes workloads.
Observability
The Observability group covers entries related to logging, monitoring, metrics, alerting, and event publication. This includes audit trail integrity, enumeration detection, and protection against tampering or unauthorized access to operational telemetry.
CCC.K8S.F13 Observability Tooling Integration
Ability to integrate with observability tooling such as Prometheus and Grafana to provide comprehensive monitoring and visualization for Kubernetes clusters.