# Kubernetes Ingress Controllers

> Search results for `Kubernetes ingress controller for routing external traffic` on awesome-repositories.com. 103 total matches; showing the first 50.

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/kubernetes-ingress-controller-for-routing-external-traffic).**

## Results

- [kubernetes/ingress-nginx](https://awesome-repositories.com/repository/kubernetes-ingress-nginx.md) (19,492 ⭐) — This project is a Kubernetes Ingress Controller that functions as a layer 7 traffic router and NGINX reverse proxy. It serves as a secure network gateway, directing external HTTP and HTTPS traffic to backend services within a cluster based on declarative routing rules.

The controller acts as a TLS termination gateway to secure traffic and integrates with Prometheus to expose request metrics and latency data for cluster monitoring. It supports canary deployment workflows by implementing weight-based traffic splitting between different versions of a service.

The system manages external access and multi-service routing through hostname and path-based rules. It utilizes a template-driven configuration process that synchronizes with cluster resources, employing leader election for high availability and hot-reloading to apply updates without disrupting active connections.
- [kubernetes-sigs/external-dns](https://awesome-repositories.com/repository/kubernetes-sigs-external-dns.md) (8,999 ⭐) — ExternalDNS is a controller that automatically synchronizes Kubernetes resource states with external DNS providers. It monitors cluster resources such as services, ingresses, and gateway APIs to dynamically create and update DNS records, enabling automated service discovery and external traffic management.

The project features a provider-agnostic interface that supports a wide array of cloud-managed vendors and on-premises providers, as well as an extension system for custom providers via webhooks and sidecars. It implements a reconciliation loop that uses resource annotations and custom resource definitions for declarative DNS management, ensuring that records are synchronized based on the desired state of the cluster.

To maintain stability and security, the controller utilizes leader election for high availability and tracks record ownership through TXT records or external databases like DynamoDB. It optimizes provider API usage through in-memory caching and batching of record changes. The system also supports advanced traffic management, including split-horizon DNS and routing policies, while exposing operational metrics via Prometheus.
- [kubernetes/kubernetes](https://awesome-repositories.com/repository/kubernetes-kubernetes.md) (123,197 ⭐) — Kubernetes is a distributed container orchestration platform that automates the deployment, scaling, and management of containerized applications across clusters of computing nodes. It functions as a declarative infrastructure controller, utilizing a control loop architecture that continuously monitors the current system state against user-defined configurations to ensure desired operational outcomes. The system relies on a centralized API-driven interface and a replicated key-value store to maintain a consistent source of truth for all cluster objects.

The platform distinguishes itself through a highly extensible design that allows users to define domain-specific objects using the same native API and control loop infrastructure. It employs a standardized abstraction layer for container runtimes, enabling modular execution engines, and utilizes a pluggable controller pattern that supports third-party integrations without requiring modifications to the core codebase. An algorithmic bin-packing engine further optimizes hardware utilization by dynamically matching workload requirements with available cluster capacity.

Beyond core orchestration, the system provides comprehensive operational support for distributed environments, including automated lifecycle management, horizontal and vertical scaling, and self-healing mechanisms that maintain service availability. It encompasses integrated solutions for networking, persistent storage orchestration, and secure secret management. Diagnostic utilities for monitoring performance metrics, aggregating logs, and troubleshooting infrastructure-level issues are also included to support cluster health and reliability.
- [apache/apisix](https://awesome-repositories.com/repository/apache-apisix.md) (16,767 ⭐) — This project is a high-performance, distributed API gateway designed to manage, secure, and observe traffic for microservices, serverless functions, and artificial intelligence model providers. It functions as a dynamic service proxy and cloud-native ingress controller, centralizing policy enforcement and traffic routing through a unified configuration interface that synchronizes state across multiple nodes in real time.

The platform distinguishes itself through a highly extensible architecture that utilizes a high-performance scripting engine to execute modular logic directly within the request lifecycle. It provides specialized capabilities for modern AI workflows, including model request proxying, token-based budget enforcement, content moderation, and agentic workflow tracing. Furthermore, it supports complex multi-protocol environments by bridging diverse communication standards, including gRPC and various binary protocols, without requiring additional sidecar processes.

Beyond its core proxying functions, the gateway offers a comprehensive suite of traffic management and security tools. It handles authentication and authorization through multiple strategies, including token validation and identity provider integration, while maintaining granular control over TLS policies and secret management. The system also provides robust observability through distributed tracing, metrics exporting, and detailed request logging, ensuring visibility into both standard API traffic and complex AI-driven interactions.

The software is designed for containerized environments and can be deployed using standard container images, with full support for translating Kubernetes ingress resources into live routing rules.
- [linkerd/linkerd2](https://awesome-repositories.com/repository/linkerd-linkerd2.md) (11,424 ⭐) — This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes.

The platform distinguishes itself through its focus on zero-trust security and cross-cluster connectivity. It enforces mutual TLS for all inter-service communication by automatically issuing and rotating short-lived cryptographic certificates, ensuring that traffic is encrypted and identities are verified. Furthermore, it provides robust multicluster capabilities, enabling unified service discovery, traffic routing, and load balancing across distinct network environments, effectively bridging distributed workloads into a single logical communication fabric.

Beyond its core security and connectivity features, the project offers a comprehensive suite for traffic management and observability. It supports advanced routing strategies, including header-based and protocol-aware traffic shifting, alongside resilience patterns like circuit breaking, retries, and fault injection to maintain system stability. The observability framework collects real-time telemetry, request metrics, and distributed traces, providing deep visibility into service health, performance, and dependencies through integrated dashboards and diagnostic tools.

The project is managed via a command-line interface that supports automated installation, upgrades, and cluster diagnostics to ensure operational readiness. It allows for extensive customization of proxy behavior and resource allocation through standard Kubernetes manifests and annotations, facilitating integration into diverse infrastructure environments.
- [external-secrets/external-secrets](https://awesome-repositories.com/repository/external-secrets-external-secrets.md) (6,697 ⭐) — External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
- [kubernetes-sigs/gateway-api](https://awesome-repositories.com/repository/kubernetes-sigs-gateway-api.md) (2,661 ⭐) — The Gateway API is a standardized set of resources for routing HTTP, gRPC, and TCP traffic into and within Kubernetes clusters. It serves as a framework for defining load balancer listeners and routing rules for both Layer 4 and Layer 7 protocols, acting as a specification for ingress and service mesh traffic interfaces.

The project utilizes a role-oriented configuration that separates infrastructure provisioning from routing logic. It implements a class-based provider selection system to match requested infrastructure to specific controller implementations and employs a conformance-driven specification to ensure all implementations pass standardized tests.

The API covers a broad range of networking domains, including external ingress management, internal service mesh routing, and Layer 4 load balancing. It incorporates security and access control primitives such as backend TLS configuration, hostname ownership delegation to prevent route hijacking, and cross-namespace reference authorization.

The project includes a networking conformance suite used to verify that implementations adhere to the official API specifications.
- [humansignal/label-studio](https://awesome-repositories.com/repository/humansignal-label-studio.md) (27,619 ⭐) — Label Studio is a multi-modal data annotation platform designed to create and manage high-quality training datasets for machine learning. It functions as a self-hosted, containerized environment that supports secure, private deployments, including air-gapped configurations. The platform provides a centralized workspace for labeling diverse media types, such as images, text, audio, and time-series data, to support supervised and reinforcement learning workflows.

The platform distinguishes itself through deep integration with machine learning backends, enabling active learning loops, automated pre-labeling, and real-time model-assisted annotation. It features a declarative interface configuration system that uses markup to define custom labeling tools, alongside plugin-based extensibility that allows for the injection of custom logic. To support enterprise-scale operations, it includes granular role-based access control, collaborative feedback tools, and automated task distribution management.

The system covers a broad capability surface, including automated data ingestion from cloud storage, programmatic pipeline management via REST APIs, and comprehensive data export options. It also provides built-in observability tools to monitor annotator performance, inter-annotator agreement, and model quality.

The application is packaged as a portable, container-ready microservice designed for deployment in scalable, cloud-native environments.
- [cert-manager/cert-manager](https://awesome-repositories.com/repository/cert-manager-cert-manager.md) (13,578 ⭐) — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads.

The project distinguishes itself through its extensive support for automated domain validation and multi-provider integration. It orchestrates complex challenge processes—including those for private or split-horizon networks—to prove domain ownership without manual intervention. Beyond standard certificate management, it provides granular policy enforcement, allowing administrators to restrict issuance permissions, delegate certificate requests to specific service accounts, and enforce security requirements through custom metadata and issuer configurations.

The platform covers a broad capability surface for securing network traffic and service communication. It supports diverse issuance workflows, ranging from public certificate authorities and ACME-based automation to private internal PKI infrastructures. The system also includes robust observability tools, such as operational metrics and status inspection, alongside administrative features for managing resource configurations, performing API migrations, and scaling controller components for high-availability environments.

Installation and management are facilitated through standard cluster deployment workflows, with comprehensive command-line tools available for troubleshooting, configuration export, and lifecycle verification.
- [openfaas/faas](https://awesome-repositories.com/repository/openfaas-faas.md) (26,092 ⭐) — OpenFaaS is a serverless function platform that provides a container-native framework for deploying and managing event-driven code. It functions as an abstraction layer over container orchestrators, allowing developers to package code into scalable functions that run across Kubernetes clusters or edge computing environments.

The platform distinguishes itself through a developer-centric runtime that utilizes standardized language templates and automated build pipelines to simplify the creation of container images. It features a central API gateway that manages request routing, authentication, and metrics, while a sidecar-based watchdog process handles the translation of HTTP requests into standard input and output for function code. To support complex workflows, the system includes an asynchronous queue-based execution layer that buffers requests for long-running tasks and provides reliable retries.

The project covers a broad capability surface, including event-driven integration through connectors for various message queues and external sources, as well as comprehensive tooling for CLI-based management, secret handling, and CI/CD pipeline integration. It also supports advanced operational requirements such as autoscaling, fine-grained monitoring, and identity management through various single sign-on providers.

The platform is designed for deployment on Kubernetes, including managed services and local environments, and provides extensive documentation and tutorials to guide users through the installation and development lifecycle.
- [kubernetes/minikube](https://awesome-repositories.com/repository/kubernetes-minikube.md) (31,877 ⭐) — Minikube is a command-line tool designed for local Kubernetes development, enabling users to provision and manage full-featured container clusters directly on a workstation. It serves as a local orchestrator that automates the lifecycle of isolated environments, allowing developers to start, stop, pause, and delete clusters to support testing and integration workflows.

The project distinguishes itself through its flexible architecture, which supports multiple virtualization drivers and container runtimes to accommodate diverse host environments. It provides deep integration between the host and the cluster, including bidirectional filesystem mounting, service tunneling for local access, and the ability to build or load container images directly into the cluster runtime. Furthermore, it supports multi-node cluster management and profile-based configuration, allowing users to maintain separate, isolated environments for different projects.

Beyond core orchestration, the tool covers a broad range of operational capabilities including dynamic storage provisioning, network policy enforcement, and hardware acceleration for specialized workloads like artificial intelligence. It also includes administrative features such as audit logging, secure authentication, and a web-based dashboard for monitoring cluster health and resource status.

The project is distributed as a command-line utility that provides versioning to ensure compatibility between the management interface and the running cluster.
- [kubeshark/kubeshark](https://awesome-repositories.com/repository/kubeshark-kubeshark.md) (11,954 ⭐) — Kubeshark is a network observability platform designed for Kubernetes environments, functioning as an eBPF-powered engine for cluster-wide traffic analysis. It captures, indexes, and visualizes network activity and API calls directly from the kernel, providing deep visibility into service-to-service communication without requiring sidecar proxies or manual code instrumentation.

The platform distinguishes itself through its ability to perform protocol-aware traffic dissection and user-space cryptographic hooking, which allows for the inspection of encrypted traffic and the reconstruction of application-layer protocols like HTTP, gRPC, and Kafka. It supports advanced diagnostic capabilities, including AI-driven troubleshooting, forensic analysis of network snapshots, and the correlation of infrastructure events with application-level traffic patterns.

Beyond core monitoring, the system provides a comprehensive suite of tools for managing traffic data, including granular role-based access control, sensitive data redaction, and flexible storage options ranging from ephemeral local buffers to cloud-based object storage. It is built to operate in diverse environments, supporting air-gapped deployments and integrating with standard Kubernetes ingress resources for secure dashboard access.

The project is managed via a command-line interface that facilitates deployment control, custom script execution, and the sharing of specific traffic analysis views through encoded search queries.
- [tailscale/tailscale](https://awesome-repositories.com/repository/tailscale-tailscale.md) (32,596 ⭐) — Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules.

What distinguishes Tailscale is its deep integration with existing identity providers, which allows organizations to bind network access to verified user accounts and device posture. It enforces granular security through declarative access control lists and microsegmentation, enabling administrators to define precise permissions for users and services. Beyond standard connectivity, the platform includes a secure AI gateway that proxies and audits language model requests, providing centralized control over API usage, spending limits, and security guardrails.

The project offers a comprehensive suite of administrative and developer tools, including infrastructure-as-code support, automated node registration, and identity-based SSH access that eliminates the need for manual key management. It also provides flexible traffic management capabilities, such as exit nodes for egress control, subnet routers for bridging isolated network segments, and public-facing service exposure through encrypted tunnels.

The software is distributed as an open-source command-line daemon, supporting a wide range of operating systems and containerized environments to facilitate automated infrastructure deployment.
- [kubernetes-sigs/kind](https://awesome-repositories.com/repository/kubernetes-sigs-kind.md) (15,320 ⭐) — This project is a local Kubernetes cluster manager and tool that runs control plane and worker nodes as containers on a host machine. It provides an environment for local development and automated testing by emulating a full Kubernetes cluster within a container runtime.

The tool enables the creation of multi-node topologies and high-availability control planes through configuration files. It supports image sideloading to transfer container images directly from the host to nodes, bypassing remote registries, and allows for offline deployments using pre-built node images.

Capabilities include the automation of ephemeral clusters for continuous integration pipelines, custom node image building, and the mapping of host ports and storage into node containers. It also provides utilities for network configuration, such as custom CNI support, load balancer provisioning, and API server runtime management.
- [inconshreveable/ngrok](https://awesome-repositories.com/repository/inconshreveable-ngrok.md) (24,446 ⭐) — ngrok is a secure TCP tunneling proxy and API ingress controller that exposes local services to the public internet. It establishes a persistent connection between a local agent and a cloud-based gateway to route traffic to local ports without requiring firewall or router configuration changes.

The project provides a global gateway for routing API traffic, which includes built-in support for rate limiting and authentication policy enforcement. It also functions as an IoT device gateway, enabling remote command execution and access control for embedded hardware via a cloud-to-device bridge.

Additional capabilities cover network connectivity and observability, including site-to-site VPNs for linking private networks and a traffic inspector for capturing and replaying HTTP requests. It further includes utilities for intercepting and replaying webhooks to verify integration logic locally.
- [gravitl/netmaker](https://awesome-repositories.com/repository/gravitl-netmaker.md) (11,630 ⭐) — Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration.

The platform distinguishes itself through its focus on zero-trust network access and software-defined perimeters, which hide network resources from the public internet while enforcing granular, identity-based security policies. It supports complex network topologies by providing dynamic relay-based routing for firewall-traversal and gateway-based bridging for isolated subnets. These capabilities allow for the creation of scalable, high-performance overlays that maintain consistent connectivity even when direct peer-to-peer paths are unavailable.

Beyond core connectivity, the project provides a comprehensive suite of management tools, including automated node provisioning, private service discovery via integrated DNS, and multi-tenant infrastructure support. It also offers robust observability features, such as administrative audit logging and network health monitoring, to ensure operational visibility. The entire networking stack can be self-hosted to maintain data sovereignty, and the platform integrates with external identity providers to streamline authentication and device onboarding.
- [istio/istio](https://awesome-repositories.com/repository/istio-istio.md) (38,226 ⭐) — Istio is a service mesh infrastructure that provides a centralized control plane to manage, secure, and observe communication between distributed microservices. It functions as a policy-driven network traffic controller, enabling developers to route, balance, and secure service-to-service traffic without requiring modifications to application code. The system enforces zero-trust security by utilizing mutual transport layer authentication to verify cryptographic identities for every network request.

The project distinguishes itself through a sidecar-less proxy architecture, which offloads networking tasks to shared infrastructure proxies rather than requiring individual proxies for every container. This approach is complemented by waypoint proxies, which perform deep packet inspection and enforce granular access policies at the application layer. Furthermore, the platform provides a unified connectivity fabric that synchronizes service registry data across multiple clusters, allowing for consistent traffic management and security policy enforcement across disparate network boundaries.

The system operates on a declarative model where a centralized management component continuously reconciles the desired state with the underlying network infrastructure. It supports both transport-layer and application-layer authorization, allowing for precise control over service access based on service accounts and specific request methods. The architecture is designed to simplify operational management and reduce resource overhead while maintaining consistent network behavior across complex, multi-cluster environments.
- [haproxy/haproxy](https://awesome-repositories.com/repository/haproxy-haproxy.md) (6,344 ⭐) — HAProxy is a high-performance TCP and HTTP proxy that distributes traffic across multiple backend servers to ensure availability and fault tolerance for critical services. It operates in either TCP or HTTP mode, with an event-driven, single-threaded reactor that handles tens of thousands of connections without context switching, and supports kernel-level data transfer to minimize memory usage and latency.

What distinguishes HAProxy is its configuration-file-first design, where all load-balancing rules and runtime behavior are defined in a declarative text file parsed at startup. It embeds a Lua interpreter for custom request handling and routing logic, and exposes a runtime socket control plane that accepts text commands to modify server states, weights, ACLs, and maps without restarting the process. A shared-memory stick-table engine maintains session state and counters that can be synchronized across peer instances, while the ACL-based decision tree evaluates named conditions to branch traffic through a rule chain of actions.

The platform provides comprehensive traffic management capabilities including load balancing with configurable algorithms, HTTP header and content rewriting, session persistence, rate limiting, and bandwidth controls. It handles SSL/TLS termination with automatic certificate management via the ACME protocol, and supports Kubernetes ingress and gateway traffic control using standard Gateway API and Ingress API rules. Observability features include customizable log formats, remote log forwarding, request tracing, and real-time system metrics monitoring.

HAProxy offers multiple interfaces for runtime configuration management, including a REST API for programmatic load balancer configuration, interactive CLI sessions over Unix sockets, and in-memory map editing without configuration reloads.
- [fosrl/pangolin](https://awesome-repositories.com/repository/fosrl-pangolin.md) (21,255 ⭐) — Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet.

The platform distinguishes itself through a declarative infrastructure model that synchronizes network state using version-controlled manifests. It supports complex connectivity requirements through peer-to-peer NAT traversal, which facilitates direct encrypted connections between nodes, with automatic fallback to server-based relaying when necessary. Additionally, it provides browser-based access to remote resources, eliminating the need for local client software for many common administrative and service-access tasks.

Beyond its core tunneling capabilities, the platform includes a comprehensive suite of tools for traffic management, security, and observability. It features granular access control policies based on user identity, geolocation, and network attributes, alongside automated certificate management and multi-factor authentication. The system also provides extensive monitoring, audit logging, and alerting capabilities to track infrastructure health and security events across multi-site deployments.

Pangolin is designed for containerized and multi-site environments, offering flexible deployment options through standard packaging and automated reconciliation workflows.
- [external-secrets/kubernetes-external-secrets](https://awesome-repositories.com/repository/external-secrets-kubernetes-external-secrets.md) (2,584 ⭐) — This project has been deprecated. Please take a look at ESO (External Secrets Operator) instead https://github.com/external-secrets/external-secrets
- [alibaba/higress](https://awesome-repositories.com/repository/alibaba-higress.md) (7,558 ⭐) — Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures.

The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based caching to reduce token consumption and latency.

Broad capabilities cover API lifecycle management and traffic control, including canary releases, load balancing, and rate limiting. The system includes a comprehensive security suite with WAF filtering, OIDC and OAuth2 identity integration, and automated TLS certificate management. Extensibility is provided via a WebAssembly-based plugin system that allows for hot-loading custom logic without interrupting traffic.

The gateway can be deployed to Kubernetes or Docker and supports the Kubernetes Gateway API and Ingress standards.
- [tyktechnologies/tyk](https://awesome-repositories.com/repository/tyktechnologies-tyk.md) (10,744 ⭐) — Tyk is an open-source API gateway written in Go that routes, secures, and monitors network traffic across REST, GraphQL, TCP, and gRPC protocols. It functions as a multi-protocol proxy designed to deliver requests to backend services while managing the end-to-end API lifecycle.

The system distinguishes itself through a plugin-based architecture that allows for the injection of custom logic into the request and response middleware chain. It also features native Kubernetes integration, operating as an ingress controller that uses operators and custom resource definitions to deploy security policies and orchestrate API routing.

The gateway covers a broad range of management capabilities, including standardized authentication via tokens and certificates, granular access control, and network restrictions. It provides tools for traffic rate limiting and quotas to protect backend services, along with usage analytics and event-driven webhooks for external notifications.

Configuration is managed through a dedicated command line tool that synchronizes system settings with version control systems across distributed nodes.
- [posthog/posthog](https://awesome-repositories.com/repository/posthog-posthog.md) (35,060 ⭐) — PostHog is a comprehensive product analytics and feature management platform designed to capture, process, and visualize user behavior data. It provides a unified suite for tracking application events, managing feature rollouts, and monitoring system health through session recordings and error tracking. By leveraging a columnar-storage-optimized architecture, the platform enables high-performance aggregation and filtering across massive event datasets.

What distinguishes PostHog is its integrated approach to data pipelines and application control. It features a robust event ingestion system that supports custom transformation logic through sandboxed scripting, allowing for real-time data manipulation before storage. The platform also includes a sophisticated feature flagging service that supports multivariate testing and dynamic configuration across web and mobile environments, alongside automated anomaly detection and alerting engines that monitor data streams for performance shifts.

The platform covers a broad observability surface, including application performance monitoring, qualitative user feedback collection via targeted surveys, and detailed activity auditing. It provides extensive administrative controls, such as granular access management and secure proxy infrastructure, to ensure reliable data collection and compliance. Developers can interact with the platform through a documented API that supports authenticated access, rate limiting, and efficient result pagination.
- [apache/answer](https://awesome-repositories.com/repository/apache-answer.md) (15,564 ⭐) — Answer is a self-hosted Q&A platform and knowledge base software designed for capturing and sharing structured information through a searchable forum interface. It functions as a community forum and knowledge management system for hosting repositories of questions and answers.

The platform is modular, utilizing a plugin system to add custom extensions and tailored capabilities. It also supports international users through content localization and locale-based text mapping for a multilingual experience.

The software provides capabilities for establishing customer help centers, internal knowledge management systems, and private community forums. It supports containerized deployment and orchestration to manage scaling, traffic routing, and persistent data storage.
- [osrf/traffic-editor](https://awesome-repositories.com/repository/osrf-traffic-editor.md) (161 ⭐) — GUI, CLI, and ROS 2 messages for robot traffic flows in buildings
- [k0sproject/k0s](https://awesome-repositories.com/repository/k0sproject-k0s.md) (6,290 ⭐) — k0s is a Kubernetes distribution that packages all control plane and worker components into a single binary, enabling cluster deployment with no host dependencies beyond the Linux kernel. It supports a container-native runtime where controllers and workers run inside Docker containers using a single OCI image, and offers declarative YAML configuration for defining cluster topology, host roles, and SSH connection details. The distribution provides pre-built binaries for x86-64, ARM64, ARMv7, and RISC-V architectures, and uses cryptographically signed tokens for secure node enrollment.

The project distinguishes itself through pluggable backends for the datastore, Container Network Interface (CNI), and Container Runtime Interface (CRI), allowing selection among etcd, SQLite, MySQL, or PostgreSQL for state storage, and integration with any CNI or CRI plugin with sensible defaults provided. It supports air-gapped deployment by packaging all required container images and binaries into a single tarball for offline installation, and includes a dedicated CLI tool for automating cluster upgrades, backups, and restores.

The distribution covers cluster lifecycle management from bootstrap to scaling, supporting single-node, multi-node, highly-available, and Docker-based setups. It provides cluster access through kubeconfig retrieval and embedded kubectl, and manages service lifecycle with start and stop commands. The project also supports persistent storage through Container Storage Interface (CSI) integration and enables deployment across cloud, bare metal, edge, and IoT environments.
- [symfony/routing](https://awesome-repositories.com/repository/symfony-routing.md) (7,618 ⭐) — This PHP routing library is an HTTP request router and matcher designed to map incoming URL paths to specific controller actions using defined patterns and configuration. It serves as a programmatic interface for defining, loading, and resolving URL patterns, while providing a URL generator to produce absolute or relative URIs from route names and parameters.

The system supports diverse route loading through YAML, XML, PHP arrays, and class attributes, utilizing compiled route matching to optimize performance. It enables sophisticated request handling through regex-based path matching, sub-domain routing, and localized route paths. To handle high-volume dynamic URL sets, the library provides a mechanism for route resolution via a database index.

Broad capability areas include HTTP route validation via regular expressions, the restriction of routes by HTTP method, and the use of expression-based conditional matching to evaluate requests based on runtime context. It also supports route grouping with shared prefixes and the ability to sign and verify URIs for integrity.
- [quarkusio/quarkus](https://awesome-repositories.com/repository/quarkusio-quarkus.md) (15,479 ⭐) — Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments.

The framework distinguishes itself through a unified approach to reactive and imperative programming, allowing developers to mix non-blocking, event-driven logic with traditional blocking code. It features a specialized dependency injection container optimized for build-time resolution and supports virtual thread concurrency to improve throughput in high-concurrency environments. Its container-native lifecycle management ensures seamless integration with cloud infrastructure, providing automated health monitoring and service orchestration.

Quarkus covers a broad capability surface, including comprehensive support for RESTful web services, event-driven messaging, and secure identity management. It integrates with standard enterprise specifications and provides extensive tooling for automated infrastructure provisioning, distributed tracing, and observability. The platform also includes a developer-focused dashboard and live-coding capabilities to streamline the development lifecycle.

The project provides extensive documentation and a modular extension system that allows developers to add features while maintaining native compatibility. It is designed to be installed and managed through standard build automation tools, supporting a wide range of deployment targets including serverless functions and managed Kubernetes clusters.
- [operator-framework/operator-sdk](https://awesome-repositories.com/repository/operator-framework-operator-sdk.md) (7,658 ⭐) — The Operator SDK is a framework for building, packaging, and managing custom controllers that extend the Kubernetes API. It serves as a toolset for defining new API types and implementing reconcile loops to automate the lifecycles of complex applications.

The project provides specialized support for creating operators based on Helm charts or Ansible playbooks, allowing users to maintain a desired cluster state using existing automation tools. It includes a dedicated system for packaging controllers into standardized container image bundles for distribution via the Operator Lifecycle Manager.

The SDK covers a broad range of operational capabilities, including project scaffolding, RBAC manifest generation, and the implementation of admission webhooks for API validation. It also provides tools for multi-architecture builds, observability instrumentation, and automated testing through scorecard and integration frameworks.

A command-line interface is provided to scaffold projects, manage operator deployments, and validate bundle compliance from a local environment.
- [kanidm/kanidm](https://awesome-repositories.com/repository/kanidm-kanidm.md) (4,595 ⭐) — Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS.

The system distinguishes itself through a granular access control engine that enforces security policies based on user, group, and resource attributes. It incorporates advanced security features such as privilege access mode enforcement, which requires reauthentication for sensitive operations, and high-privilege group tainting to prevent lateral movement. Administrators can delegate management tasks for specific entries or groups, ensuring that permissions remain tightly scoped while maintaining operational flexibility.

Beyond core identity functions, the platform includes robust tools for system maintenance, including automated backup scheduling, database consistency verification, and multi-node replication to ensure high availability. It also provides deep integration with host operating systems through pluggable authentication modules and supports infrastructure access provisioning by managing SSH keys and POSIX attributes.

The project provides a suite of command-line utilities for administrative tasks, session management, and server configuration. Documentation and installation resources are available to guide the deployment of the server and its associated client tools.
- [insin/control-panel-for-twitter](https://awesome-repositories.com/repository/insin-control-panel-for-twitter.md) (2,540 ⭐) — Browser extension which gives you more control over your Twitter timeline and adds missing features and UI improvements - for desktop and mobile
- [openshift/origin](https://awesome-repositories.com/repository/openshift-origin.md) (8,662 ⭐) — OpenShift Origin is a Kubernetes distribution platform that extends Kubernetes with integrated security, multi-tenancy, and application lifecycle management for enterprise container orchestration. It functions as a multi-tenant container orchestrator that enforces per-project security policies, resource quotas, and SELinux isolation for shared cluster environments.

The platform includes a Source-to-Image builder that creates container images directly from application source code using Dockerfiles or buildpacks without external build servers, and an Operator Lifecycle Manager that installs and manages platform operators from a curated catalog. It provides an OpenShift Conformance Test Suite that validates Kubernetes and OpenShift API compliance across cluster deployments and upgrades.

The system supports building container images from source, managing image lifecycles with streams, deploying Kubernetes clusters, running local development clusters, and installing operators from a catalog. It includes capabilities for monitoring cluster and application health, provisioning isolated projects with predefined controls, exposing services via public routes, controlling container privileges with security contexts, and enforcing multi-tenant security policies.
- [thephpleague/route](https://awesome-repositories.com/repository/thephpleague-route.md) (667 ⭐) — Fast PSR-7 based routing and dispatch component including PSR-15 middleware, built on top of FastRoute.
- [garygreen/pretty-routes](https://awesome-repositories.com/repository/garygreen-pretty-routes.md) (0 ⭐) — Pretty Routes for Laravel
- [hashicorp/vault](https://awesome-repositories.com/repository/hashicorp-vault.md) (35,796 ⭐) — Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads.

What distinguishes Vault is its ability to generate dynamic, short-lived credentials on-demand for databases and cloud providers, which are automatically revoked upon lease expiration to minimize security exposure. The platform also functions as an encryption-as-a-service provider, allowing applications to offload data protection, tokenization, and key management tasks to a centralized interface. Its modular architecture is supported by an extensible plugin system that uses remote procedure calls to integrate new functionality without requiring modifications to the primary codebase.

Beyond core secret handling, the platform offers comprehensive certificate lifecycle automation, including the generation, storage, and rotation of security certificates to maintain encrypted communication channels. It supports high-availability deployments through a distributed consensus protocol that synchronizes state across clusters and automatically forwards requests to the active leader node. The system also integrates with hardware security modules for enhanced key protection and maintains detailed audit logs to support regulatory compliance requirements.

Users interact with the platform through a command-line interface that supports API endpoint invocation, environment variable configuration, and shell autocompletion for operational tasks.
- [bunkerity/bunkerweb](https://awesome-repositories.com/repository/bunkerity-bunkerweb.md) (10,629 ⭐) — BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration.

The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a management interface for real-time IP banning and attack monitoring.

The system covers a broad range of security and traffic capabilities, including signature-based threat detection, challenge-based bot mitigation, and identity-based access control. It manages network flow through load balancing, request rate limiting, and multi-tenant site isolation, while hardening browser-side security via HTTP response header configuration.
- [opencost/opencost](https://awesome-repositories.com/repository/opencost-opencost.md) (6,605 ⭐) — OpenCost is an open-source tool for monitoring and allocating Kubernetes and cloud infrastructure costs. It provides real-time visibility into spending by distributing asset costs to workloads based on resource requests and usage, breaking down spend by namespace, deployment, pod, and label. The system functions as both a Kubernetes cost allocation engine and a multi-cloud cost analyzer, ingesting billing data from AWS, Azure, and GCP to present unified cost metrics alongside cluster costs.

The tool distinguishes itself through its allocation-based cost model, which compares requested versus used resources to distribute infrastructure costs to Kubernetes workloads. It integrates directly with cloud provider billing APIs to fetch dynamic pricing for accurate resource valuation, and supports custom pricing for on-premises environments through CSV imports. OpenCost also offers a Model Context Protocol server that exposes cost and allocation data for programmatic querying by AI agents and automation tools, alongside a REST API and kubectl plugin for traditional integration and command-line access.

The platform provides multiple ways to visualize and export cost data, including pre-built Grafana dashboards, an interactive web dashboard, and export pipelines to CSV and Parquet formats. It tracks historical cost trends, calculates idle costs, distributes shared costs across tenants, and reports estimated carbon footprints for cloud resources. Deployment is managed through a Helm chart with configurable storage, Prometheus, and cloud provider settings, and the system can connect to existing Prometheus-compatible stores for metrics ingestion.
- [actions/actions-runner-controller](https://awesome-repositories.com/repository/actions-actions-runner-controller.md) (6,320 ⭐) — Kubernetes controller for GitHub Actions self-hosted runners
- [fridays/next-routes](https://awesome-repositories.com/repository/fridays-next-routes.md) (2,462 ⭐) — Universal dynamic routes for Next.js
- [meshery/meshery](https://awesome-repositories.com/repository/meshery-meshery.md) (9,966 ⭐) — Meshery is a service mesh management plane and cloud native infrastructure orchestrator. It provides a visual design-as-code environment for modeling microservices and infrastructure components through declarative blueprints, functioning as a centralized platform for designing, deploying, and managing service mesh infrastructure.

The platform is distinguished by its ability to translate visual designs into active deployments and its use of gRPC-based adapters to integrate with diverse infrastructure providers. It features a multi-tenant architecture that manages shared workspaces and role-based access control, allowing teams to collaboratively share, publish, and merge infrastructure designs.

Its capabilities extend to infrastructure lifecycle management, resource discovery via composite fingerprints, and performance analysis through synthetic traffic generation. It also covers comprehensive configuration management, including the ability to package infrastructure models into OCI-compatible images for portable distribution.

The management plane can be installed on Kubernetes clusters using command-line tools or Helm charts.
- [bytebytegohq/system-design-101](https://awesome-repositories.com/repository/bytebytegohq-system-design-101.md) (83,491 ⭐) — This project is a centralized engineering knowledge repository that provides a structured curriculum for mastering system design, architectural patterns, and fundamental software development workflows. It serves as a professional development resource for engineers, offering foundational knowledge and real-world case studies to support the design of scalable, secure, and efficient distributed systems.

The repository distinguishes itself through a visual-first approach to knowledge synthesis, distilling complex technical concepts into high-density graphical diagrams and succinct illustrations. By employing cross-domain concept mapping and modular topic decomposition, it connects disparate engineering disciplines—such as infrastructure, security, and application layers—into granular, self-contained modules that facilitate rapid mental modeling and targeted learning.

The content covers a broad spectrum of technical domains, including API and web development, database scaling strategies, networking protocols, and DevOps deployment pipelines. These educational assets are organized as a static, version-controlled repository, allowing users to consume technical insights asynchronously at their own pace.
- [kubernetes-sigs/kubespray](https://awesome-repositories.com/repository/kubernetes-sigs-kubespray.md) (18,576 ⭐) — Kubespray is an Ansible-based tool for deploying production-ready Kubernetes clusters on physical or virtual machines across various environments. It serves as an infrastructure provisioner and cluster deployer that automates the installation and configuration of cluster nodes.

The project functions as a bare metal cluster orchestrator, allowing for the setup of Kubernetes on physical hardware without relying on a managed cloud provider. It includes specialized installers for configuring networking fabrics, pod communication plugins, and routing policies.

The framework also manages the installation of essential cluster add-ons, such as ingress controllers and storage provisioners, to extend the functional capabilities of the environment.
- [datreeio/datree](https://awesome-repositories.com/repository/datreeio-datree.md) (6,339 ⭐) — Datree is a policy enforcement framework for Kubernetes that validates configurations against rules written in Rego, JSON Schema, or CEL. It operates as both a command-line tool for pre-deployment scanning and as a cluster-side admission webhook for real-time enforcement, integrating with CI/CD pipelines and continuous delivery tools like ArgoCD and FluxCD.

The framework supports namespace-scoped policy mapping, allowing different policies to apply to different namespaces, and provides a skip annotation mechanism for selectively bypassing rules on individual resources or entire namespaces. It includes a management dashboard for monitoring policy compliance, tracking check history, and displaying resource violations with remediation steps, along with a cluster health scoring system.

Datree enforces a wide range of Kubernetes best practices, including container resource limits and requests, liveness and readiness probes, pinned image versions, security contexts, and minimum replica counts. It also validates CronJob schedules and deadlines, HorizontalPodAutoscaler configurations, and resource labels, while supporting custom rule authoring through Rego, JSON Schema, or CEL.
- [kubernetes/examples](https://awesome-repositories.com/repository/kubernetes-examples.md) (0 ⭐) — Welcome to the official Kubernetes Examples repository! This curated collection, stewarded by SIG Apps, provides high-quality, educational examples for running a diverse range of applications and workloads on Kubernetes.
- [liangliangyy/djangoblog](https://awesome-repositories.com/repository/liangliangyy-djangoblog.md) (7,397 ⭐) — DjangoBlog is an open-source blog engine built with the Django web framework, designed as a full-featured content management system. It provides Markdown editing for articles and pages, supports social login through OAuth providers including Google, GitHub, Facebook, Weibo, and QQ, and offers full-text search powered by Elasticsearch or Whoosh with keyword highlighting in results.

The blog distinguishes itself through several integrated capabilities. It includes a Redis-based page caching system that caches rendered responses and automatically invalidates them on content changes to reduce database load. A plugin hook system allows extending functionality by registering callback functions to predefined event hooks without modifying core application code. The platform also features a WeChat Official Account bridge that accepts commands for remote blog management, and supports deployment via Docker Compose or Kubernetes with ConfigMap-based environment configuration.

Additional capabilities include code block syntax highlighting, image hosting and management, threaded comment management with email notifications, sidebar customization with configurable modules, dark mode toggle, and search engine notification that automatically pings Google and Baidu when new content is published. The application can be deployed as a standalone Docker image or as a multi-service stack with MySQL, Redis, and optional Elasticsearch containers.
- [kubero-dev/kubero](https://awesome-repositories.com/repository/kubero-dev-kubero.md) (4,150 ⭐) — Kubero is a self-hosted Platform as a Service (PaaS) that simplifies the deployment, scaling, and management of containerized applications on Kubernetes. It functions as an application manager, CI/CD orchestrator, and multi-tenant manager, allowing users to run workloads without writing manual configuration files.

The platform distinguishes itself through automated image synthesis, transforming source code from Git repositories into deployable containers via buildpacks, Dockerfiles, or nixpacks. It implements a GitOps delivery model with automated pipelines that trigger builds on push events and provision ephemeral review environments for pull requests.

Beyond deployment, it provides integrated infrastructure management for provisioning databases and caches through a graphical interface. The system includes multi-tenant isolation using namespaces, role-based access control with OAuth2 authentication, and automated SSL certificate management. Additional capabilities cover resource scaling, application health monitoring, and the attachment of persistent storage volumes.

The platform can be installed on local Kubernetes clusters or provisioned on supported cloud providers using a dedicated CLI and web-based management console.
- [angular/route.dart](https://awesome-repositories.com/repository/angular-route-dart.md) (0 ⭐) — Route
- [jeko2000/tiny-routes](https://awesome-repositories.com/repository/jeko2000-tiny-routes.md) (19 ⭐) — A tiny routing library for Common Lisp targeting Clack.
- [kubernetes-sigs/headlamp](https://awesome-repositories.com/repository/kubernetes-sigs-headlamp.md) (6,729 ⭐) — Headlamp is a Kubernetes web interface that runs as either a desktop application or a browser-based dashboard, providing a unified view for managing resources across multiple clusters. It supports authentication through OpenID Connect providers and kubeconfig files, and renders the UI according to the user's Kubernetes RBAC permissions, hiding or disabling actions that are not permitted.

The project distinguishes itself through a plugin system that allows extending the dashboard with custom views, components, and business logic without modifying the core code. Plugins can be installed from a catalog, developed from scratch, or run as sidecar containers alongside the main application. The interface also supports custom theming, UI component customization, and the creation of dedicated monitoring dashboards with specialized visualizations.

Headlamp includes an inline resource editor with built-in documentation and validation, terminal and log access for debugging pods, and the ability to discover clusters by watching custom resources. It can be deployed as a desktop application on Linux, Mac, and Windows, exposed through an ingress, or accessed via port forwarding. The project provides documentation for installation, plugin development, and configuration.
- [siderolabs/talos](https://awesome-repositories.com/repository/siderolabs-talos.md) (10,659 ⭐) — Talos is a minimal, immutable Linux distribution designed specifically for deploying and managing Kubernetes clusters. It functions as an API-driven infrastructure manager that replaces traditional shell access with a declarative gRPC interface to control operating system state and configuration.

The system is distinguished by a read-only root filesystem, a security-hardened kernel, and the removal of standard GNU utilities to reduce the attack surface. It ensures environment consistency by distributing the operating system as versioned, signed images and utilizes TPM-backed verified boot and mutual TLS for secure administrative communication.

Broad capabilities include the automated provisioning of clusters across bare metal, virtual machines, and cloud platforms. The project covers container runtime management, virtual machine execution and migration, distributed key-value storage for cluster quorum, and comprehensive network orchestration including mesh VPNs and VLAN tagging.

Administrative operations are performed programmatically through a unified interface that handles boot asset generation, atomic system updates, and hardware-backed security bootstrapping.
