# Service Mesh Traffic Security Tools

> Search results for `service mesh for securing traffic between microservices` on awesome-repositories.com. 107 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/service-mesh-for-securing-traffic-between-microservices

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/service-mesh-for-securing-traffic-between-microservices).**

## Results

- [apache/apisix](https://awesome-repositories.com/repository/apache-apisix.md) (16,767 ⭐) — This project is a high-performance, distributed API gateway designed to manage, secure, and observe traffic for microservices, serverless functions, and artificial intelligence model providers. It functions as a dynamic service proxy and cloud-native ingress controller, centralizing policy enforcement and traffic routing through a unified configuration interface that synchronizes state across multiple nodes in real time.

The platform distinguishes itself through a highly extensible architecture that utilizes a high-performance scripting engine to execute modular logic directly within the request lifecycle. It provides specialized capabilities for modern AI workflows, including model request proxying, token-based budget enforcement, content moderation, and agentic workflow tracing. Furthermore, it supports complex multi-protocol environments by bridging diverse communication standards, including gRPC and various binary protocols, without requiring additional sidecar processes.

Beyond its core proxying functions, the gateway offers a comprehensive suite of traffic management and security tools. It handles authentication and authorization through multiple strategies, including token validation and identity provider integration, while maintaining granular control over TLS policies and secret management. The system also provides robust observability through distributed tracing, metrics exporting, and detailed request logging, ensuring visibility into both standard API traffic and complex AI-driven interactions.

The software is designed for containerized environments and can be deployed using standard container images, with full support for translating Kubernetes ingress resources into live routing rules.
- [kubesphere/kubesphere](https://awesome-repositories.com/repository/kubesphere-kubesphere.md) (16,842 ⭐) — KubeSphere is a distributed operating system for cloud-native application management that provides a centralized control plane for Kubernetes clusters. It functions as a comprehensive DevOps portal, enabling teams to orchestrate containerized workloads, manage CI/CD pipelines, and enforce security policies across hybrid cloud, datacenter, and edge environments.

The platform distinguishes itself through its multi-cluster federation capabilities and robust multi-tenancy model, which allow for logical resource isolation and granular access control across shared infrastructure. It integrates a modular plugin architecture that supports platform extensibility, enabling users to customize observability, storage, and security components to meet specific operational requirements.

Beyond core management, the platform provides a unified observability suite that aggregates metrics, logs, and distributed traces to visualize system health and microservice topology. It also includes advanced traffic governance tools, such as service mesh integration and automated release strategies, to maintain stability during application updates.

The project offers a web-based dashboard and a flexible installer to simplify the provisioning and administration of container platforms. It supports diverse infrastructure needs, ranging from bare metal load balancing to hardware accelerator management, through a unified graphical interface.
- [kubeshark/kubeshark](https://awesome-repositories.com/repository/kubeshark-kubeshark.md) (11,954 ⭐) — Kubeshark is a network observability platform designed for Kubernetes environments, functioning as an eBPF-powered engine for cluster-wide traffic analysis. It captures, indexes, and visualizes network activity and API calls directly from the kernel, providing deep visibility into service-to-service communication without requiring sidecar proxies or manual code instrumentation.

The platform distinguishes itself through its ability to perform protocol-aware traffic dissection and user-space cryptographic hooking, which allows for the inspection of encrypted traffic and the reconstruction of application-layer protocols like HTTP, gRPC, and Kafka. It supports advanced diagnostic capabilities, including AI-driven troubleshooting, forensic analysis of network snapshots, and the correlation of infrastructure events with application-level traffic patterns.

Beyond core monitoring, the system provides a comprehensive suite of tools for managing traffic data, including granular role-based access control, sensitive data redaction, and flexible storage options ranging from ephemeral local buffers to cloud-based object storage. It is built to operate in diverse environments, supporting air-gapped deployments and integrating with standard Kubernetes ingress resources for secure dashboard access.

The project is managed via a command-line interface that facilitates deployment control, custom script execution, and the sharing of specific traffic analysis views through encoded search queries.
- [istio/istio](https://awesome-repositories.com/repository/istio-istio.md) (38,226 ⭐) — Istio is a service mesh infrastructure that provides a centralized control plane to manage, secure, and observe communication between distributed microservices. It functions as a policy-driven network traffic controller, enabling developers to route, balance, and secure service-to-service traffic without requiring modifications to application code. The system enforces zero-trust security by using mutual TLS (mTLS) to verify cryptographic identities for every network request.

The project distinguishes itself through a sidecar-less proxy architecture, which offloads networking tasks to shared infrastructure proxies rather than requiring individual proxies for every container. This approach is complemented by waypoint proxies, which perform deep packet inspection and enforce granular access policies at the application layer. Furthermore, the platform provides a unified connectivity fabric that synchronizes service registry data across multiple clusters, allowing for consistent traffic management and security policy enforcement across disparate network boundaries.

The system operates on a declarative model where a centralized management component continuously reconciles the desired state with the underlying network infrastructure. It supports both transport-layer and application-layer authorization, allowing for precise control over service access based on service accounts and specific request methods. The architecture is designed to simplify operational management and reduce resource overhead while maintaining consistent network behavior across complex, multi-cluster environments.
- [linkerd/linkerd2](https://awesome-repositories.com/repository/linkerd-linkerd2.md) (11,424 ⭐) — This project is a service mesh platform designed to manage, secure, and observe service-to-service communication within Kubernetes clusters. It functions as a control plane that orchestrates transparent sidecar proxies, which intercept and manage network traffic to provide reliable connectivity for microservices. By automating the injection of these proxies, the platform ensures that infrastructure-level policies are applied consistently across all workloads without requiring manual configuration changes.

The platform distinguishes itself through its focus on zero-trust security and cross-cluster connectivity. It enforces mutual TLS for all inter-service communication by automatically issuing and rotating short-lived cryptographic certificates, ensuring that traffic is encrypted and identities are verified. Furthermore, it provides robust multicluster capabilities, enabling unified service discovery, traffic routing, and load balancing across distinct network environments, effectively bridging distributed workloads into a single logical communication fabric.

Beyond its core security and connectivity features, the project offers a comprehensive suite for traffic management and observability. It supports advanced routing strategies, including header-based and protocol-aware traffic shifting, alongside resilience patterns like circuit breaking, retries, and fault injection to maintain system stability. The observability framework collects real-time telemetry, request metrics, and distributed traces, providing deep visibility into service health, performance, and dependencies through integrated dashboards and diagnostic tools.

The project is managed via a command-line interface that supports automated installation, upgrades, and cluster diagnostics to ensure operational readiness. It allows for extensive customization of proxy behavior and resource allocation through standard Kubernetes manifests and annotations, facilitating integration into diverse infrastructure environments.
- [alibaba/sentinel](https://awesome-repositories.com/repository/alibaba-sentinel.md) (23,126 ⭐) — Sentinel is a microservice flow control framework designed for managing traffic limits, distributed circuit breaking, and adaptive overload protection. It serves as a traffic shaping component that defines resource boundaries to regulate request flow and ensure reliability across distributed systems.

The project provides a real-time monitoring dashboard for tracking resource metrics and performance bottlenecks across service clusters. It includes a visual interface for the real-time management of flow control and circuit breaking rules, allowing parameters to be updated without restarting the application.

The framework covers a broad set of resilience capabilities, including cascading failure prevention, system capacity protection, and resource failure handling via fallback mechanisms. It also incorporates service instance discovery and performance monitoring to identify bottlenecks across cloud native services.
- [owasp/cheatsheetseries](https://awesome-repositories.com/repository/owasp-cheatsheetseries.md) (32,298 ⭐) — The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems.

What distinguishes this project is its decentralized, collaborative editorial process. By utilizing a version-controlled, markdown-based workflow, the series ensures that security guidance remains vendor-neutral, peer-reviewed, and universally accessible. This structure allows the community to rapidly evolve and maintain technical documentation, ensuring that defensive strategies keep pace with emerging threats and shifting technology stacks.

The project provides extensive coverage of critical security areas, including robust input validation, access control enforcement, and supply chain risk management. It offers detailed implementation guides for securing cloud-native architectures, containerized environments, and various language-specific frameworks. Furthermore, the series addresses advanced topics such as artificial intelligence agent safety, prompt injection prevention, and zero-trust architectural principles.

The documentation is maintained as an open-source repository, with content transformed into a navigable web format through automated static site generation.
- [pig-mesh/pig](https://awesome-repositories.com/repository/pig-mesh-pig.md) (6,644 ⭐) — Pig is a microservice-based RBAC permission management platform built on Spring Cloud and Spring Boot, with OAuth2 authentication and authorization at its core. It provides a dedicated authorization server that issues access and refresh tokens using authorization code, password, and refresh token grant types, while embedding role and permission checks into each microservice to secure API endpoints.

The platform distinguishes itself through a comprehensive set of integrated capabilities, including automatic CRUD code generation from database schemas that produces controller, service, mapper, and UI files at development time. It also features a centralized health monitoring dashboard that aggregates real-time metrics and service status, a built-in scheduled task execution engine for running recurring background jobs, and Docker Compose orchestration for local development environments that coordinates databases, caches, and business services.

Additional capabilities include automated code formatting enforcement during the build process to maintain consistent coding style, and a centralized administration interface for assigning roles and permissions to users. The platform supports Spring Cloud microservice administration with service discovery, configuration management, and monitoring features.
- [fallibleinc/security-guide-for-developers](https://awesome-repositories.com/repository/fallibleinc-security-guide-for-developers.md) (21,090 ⭐) — This project is a web application security guide and developer training resource. It serves as a secure coding framework and vulnerability remediation manual, providing software engineers with the tools to identify, prioritize, and fix common security holes across different application layers.

The resource utilizes a structured verification framework and security audit checklists to systematically find vulnerabilities. It features a technical reference that maps specific security flaws to step-by-step instructions for remediation, supported by vulnerability statistics to help determine which defense efforts require the most urgent priority.

The guide covers core security fundamentals including authentication, authorization, data sanitization, cryptography, and session management. It organizes these concepts into a modular instructional design to facilitate targeted learning and the implementation of secure coding practices.
- [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane.

The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It employs a language-agnostic intermediate representation to synthesize these definitions into platform-specific configurations, while supporting aspect-oriented policy injection to apply security and compliance rules across infrastructure definitions during the synthesis phase.

Beyond core provisioning, the project provides a modular component registry for distributing and reusing pre-configured infrastructure building blocks. It supports multi-account orchestration, allowing for the deployment of consistent resource sets across different regions and accounts from a single template, and includes capabilities for detecting infrastructure drift to ensure deployed environments remain aligned with their defined state.

The project is distributed as a software development kit, providing programmatic interfaces to manage the full lifecycle of cloud resources and integrate infrastructure definitions directly into application codebases.
- [moleculerjs/moleculer](https://awesome-repositories.com/repository/moleculerjs-moleculer.md) (6,373 ⭐) — Moleculer is a Node.js microservices framework designed for building distributed systems. It functions as a distributed service broker, task orchestrator, and service mesh framework, enabling a decentralized architecture with built-in service discovery and load balancing.

The project differentiates itself through a pluggable transport layer supporting protocols such as NATS, Redis, TCP, and Kafka, as well as a dedicated microservices API gateway that maps external HTTP and WebSocket requests to internal service actions. It includes built-in fault tolerance mechanisms, including circuit breakers, automatic request retries, and fallback responses to prevent cascading failures.

The framework covers a broad set of capabilities, including asynchronous event-driven networking, distributed tracing, and system observability. It provides tools for data persistence via pluggable database adapters, schema-driven validation, and complex workflow orchestration through state machine logic.

The project includes a command-line interface for project bootstrapping, dynamic service loading, and interactive system management via a REPL.
- [apache/dubbo](https://awesome-repositories.com/repository/apache-dubbo.md) (41,519 ⭐) — Dubbo is a Java RPC framework and microservices governance platform designed for high-performance remote procedure calls in distributed architectures. It provides the foundational components necessary to connect distributed services across a network, including a binary data serialization library and a distributed service registry.

The platform distinguishes itself through a comprehensive governance suite that manages service discovery, load balancing, and traffic routing. It enables precise control over network traffic via conditional routing and a pluggable extension mechanism based on a service provider interface.

The framework covers a broad range of capabilities, including distributed request tracing for observability, TLS transport encryption and request authentication for security, and centralized metadata management. It also supports integration with Spring Boot and utilizes interface definition languages to synchronize service contracts between providers and consumers.
- [casbin/casbin](https://awesome-repositories.com/repository/casbin-casbin.md) (19,848 ⭐) — Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource.

The project distinguishes itself through a highly modular architecture that includes adapter-based storage abstraction, enabling the engine to connect to various persistent backends for policy management. It supports complex, context-aware policy execution by allowing developers to inject custom functions for domain-specific matching and validation. Furthermore, the engine handles hierarchical role resolution and provides mechanisms for aggregating multiple policy outcomes, such as allow-override or deny-override, to resolve conflicting permissions.

The platform covers a broad capability surface, including middleware integration for web frameworks, API gateways, and service mesh architectures. It offers extensive tooling for policy administration, observability, and performance optimization, such as result caching and asynchronous execution. The system also supports multi-tenancy through domain-aware authorization and provides programmatic interfaces for automating policy updates and lifecycle management.

The library is designed for integration into existing stacks, offering middleware components and support for distributed deployments to ensure consistent authorization state across multiple service instances.
- [traefik/mesh](https://awesome-repositories.com/repository/traefik-mesh.md) (2,094 ⭐) — Traefik Mesh - Simpler Service Mesh
- [tensorflow/mesh](https://awesome-repositories.com/repository/tensorflow-mesh.md) (1,624 ⭐) — Mesh TensorFlow: Model Parallelism Made Easier
- [thinkgem/jeesite](https://awesome-repositories.com/repository/thinkgem-jeesite.md) (8,044 ⭐) — Jeesite is a full-stack low-code development framework designed for building enterprise administrative portals using Spring Boot, MyBatis, and Vue. It functions as a comprehensive platform for creating administrative dashboards with integrated role-based access control and organizational data permission systems.

The framework distinguishes itself through a combination of automated CRUD code generation and an integrated RAG platform that connects large language models to enterprise data via vector stores. It further incorporates a BPMN-based workflow engine to automate complex business process approvals and task transitions.

The system covers a broad range of enterprise capabilities, including multi-tenant SaaS architecture for data isolation, distributed microservice governance, and centralized identity management with single sign-on. Additional surface areas include comprehensive security auditing, multi-channel notification dispatch, and advanced UI components for hierarchical data management and visual dashboards.
- [osrf/traffic-editor](https://awesome-repositories.com/repository/osrf-traffic-editor.md) (161 ⭐) — GUI, CLI, and ROS 2 messages for robot traffic flows in buildings
- [chaos-mesh/chaos-mesh](https://awesome-repositories.com/repository/chaos-mesh-chaos-mesh.md) (7,761 ⭐) — Chaos Mesh is a cloud-native fault injection tool and Kubernetes chaos engineering platform designed to verify system resilience. It functions as a testing framework for designing and executing automated failure scenarios to evaluate how containerized workloads recover from disruptions.

The project acts as a multi-cluster chaos orchestrator, providing a centralized control plane to manage and monitor experiments across multiple remote Kubernetes clusters from a single interface. It includes a dashboard for the visual scheduling of experiments and the coordination of complex failure scenarios.

The platform covers a broad range of fault injection categories, including network latency, pod termination, and resource stress for CPU and memory. It also provides capabilities for simulating hardware and system failures, such as IO errors and system time manipulation, as well as infrastructure-level disruptions across cloud providers and JVM-specific faults.

Observability is handled through metrics monitoring and system health verification to evaluate stability during injections. Security is managed via dashboard authentication and injection scope restrictions based on namespace annotations.
- [ibm/mcp-context-forge](https://awesome-repositories.com/repository/ibm-mcp-context-forge.md) (3,310 ⭐) — mcp-context-forge is a Model Context Protocol federation gateway that unifies diverse AI tool servers and APIs into a single consistent interface for discovery and execution. It acts as a centralized proxy that aggregates multiple servers and APIs, allowing AI agents to access and invoke a unified set of tools, prompts, and resources.

The project distinguishes itself through a multi-protocol translation bridge that converts communication between standard I/O, SSE, gRPC, and REST to enable interoperability between disparate tool servers. It includes a comprehensive LLM evaluation framework for assessing model output quality, safety, and grounding, alongside an AI tool governance platform that enforces role-based access control and content guardrails.

The system provides a broad surface of capabilities including AI agent observability via OpenTelemetry, enterprise identity integration through OIDC and SAML, and secure code execution within sandboxed environments. It also features extensive content management utilities for processing documents, spreadsheets, and code, as well as traffic management tools such as circuit breakers and rate limiting.

The project can be deployed using Helm charts for Kubernetes or via Docker Compose, with support for air-gapped installations.
- [traefik/traefik](https://awesome-repositories.com/repository/traefik-traefik.md) (63,644 ⭐) — Traefik is a cloud-native edge router and API gateway designed to manage service communication and traffic flow across distributed infrastructure. It functions as a dynamic service proxy that automatically discovers backend services and configures routing rules in real time, eliminating the need for manual restarts or complex configuration updates. By integrating directly with container orchestrators and service registries, it maintains a consistent state for network traffic, load balancing, and security policy enforcement.

The project distinguishes itself through its deep integration with diverse infrastructure providers, including container runtimes, cloud platforms, and service meshes. It utilizes a declarative configuration model that allows users to define routing and security policies as version-controlled code, facilitating GitOps workflows and automated infrastructure synchronization. Additionally, it features a specialized AI gateway that provides content guarding and semantic response caching to optimize performance and ensure regulatory compliance for AI-driven services.

Beyond core routing, the platform offers a comprehensive suite of tools for API lifecycle management, including performance monitoring, distributed tracing, and integrated web application firewall protection. It also provides API mocking capabilities, allowing developers to simulate production-like environments for testing and integration. These features are unified under a centralized control plane that supports federated governance across hybrid and multi-cloud environments.
- [mrakotosaon/dse-meshing](https://awesome-repositories.com/repository/mrakotosaon-dse-meshing.md) (0 ⭐) — This is our implementation of the paper "Learning Delaunay Surface Elements for Mesh Reconstruction" at CVPR 2021 (oral), a method for mesh reconstruction from a point cloud.
- [benyamindsmith/ig.degree.betweenness](https://awesome-repositories.com/repository/benyamindsmith-ig-degree-betweenness.md) (40 ⭐) — Implementation of the "Node Degree+Edge" Betweenness Community Detection Algorithm for 'igraph' Objects with R
- [rootsongjc/kubernetes-handbook](https://awesome-repositories.com/repository/rootsongjc-kubernetes-handbook.md) (11,584 ⭐) — This project is a comprehensive infrastructure guide and technical reference for designing and deploying cloud native and AI native environments using Kubernetes. It serves as a manual for managing container orchestration, pod lifecycles, and declarative state reconciliation to maintain scalable cluster workloads.

The resource provides instructional material on building custom controllers and implementing operational logic via the operator pattern. It also functions as a framework for optimizing the delivery of large language models through specialized gateways and workload scheduling.

The handbook covers a broad range of capabilities including cloud native network routing, multi-cluster workload orchestration, and the implementation of persistent storage. It further details cluster administration, security management through role-based access control, and the coordination of service mesh traffic.
- [gravitl/netmaker](https://awesome-repositories.com/repository/gravitl-netmaker.md) (11,630 ⭐) — Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration.

The platform distinguishes itself through its focus on zero-trust network access and software-defined perimeters, which hide network resources from the public internet while enforcing granular, identity-based security policies. It supports complex network topologies by providing dynamic relay-based routing for firewall traversal and gateway-based bridging for isolated subnets. These capabilities allow for the creation of scalable, high-performance overlays that maintain consistent connectivity even when direct peer-to-peer paths are unavailable.

Beyond core connectivity, the project provides a comprehensive suite of management tools, including automated node provisioning, private service discovery via integrated DNS, and multi-tenant infrastructure support. It also offers robust observability features, such as administrative audit logging and network health monitoring, to ensure operational visibility. The entire networking stack can be self-hosted to maintain data sovereignty, and the platform integrates with external identity providers to streamline authentication and device onboarding.
- [hashicorp/vault](https://awesome-repositories.com/repository/hashicorp-vault.md) (35,796 ⭐) — Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads.

What distinguishes Vault is its ability to generate dynamic, short-lived credentials on demand for databases and cloud providers, which are automatically revoked upon lease expiration to minimize security exposure. The platform also functions as an encryption-as-a-service provider, allowing applications to offload data protection, tokenization, and key management tasks to a centralized interface. Its modular architecture is supported by an extensible plugin system that uses remote procedure calls to integrate new functionality without requiring modifications to the primary codebase.

Beyond core secret handling, the platform offers comprehensive certificate lifecycle automation, including the generation, storage, and rotation of security certificates to maintain encrypted communication channels. It supports high-availability deployments through a distributed consensus protocol that synchronizes state across clusters and automatically forwards requests to the active leader node. The system also integrates with hardware security modules for enhanced key protection and maintains detailed audit logs to support regulatory compliance requirements.

Users interact with the platform through a command-line interface that supports API endpoint invocation, environment variable configuration, and shell autocompletion for operational tasks.
- [wjakob/instant-meshes](https://awesome-repositories.com/repository/wjakob-instant-meshes.md) (6,104 ⭐) — Interactive field-aligned mesh generator
- [smallnest/rpcx](https://awesome-repositories.com/repository/smallnest-rpcx.md) (8,295 ⭐) — rpcx is a high-performance remote procedure call framework for building scalable microservices in Go. It functions as a binary protocol RPC system and a service mesh, providing the necessary infrastructure for low-latency inter-service communication and distributed cloud environments.

The project features a cross-language service gateway that provides an HTTP entry point, allowing clients written in any programming language to invoke Go remote services via protocol translation. It also includes a specialized RPC traffic analyzer for capturing and analyzing binary packets to debug network communication between clients and servers.

The framework covers distributed service management through dynamic service discovery, client-side load balancing, and failover-driven fault tolerance. It utilizes binary serialization and a pluggable transport layer to optimize network bandwidth. Additionally, the system includes a graphical user interface for monitoring system state and automation tools that use static analysis to generate server registration and invocation stubs.
- [envoyproxy/envoy](https://awesome-repositories.com/repository/envoyproxy-envoy.md) (27,630 ⭐) — Envoy is a high-performance, cloud-native service proxy designed for service-to-service communication in distributed architectures. It functions as a service mesh data plane, providing a centralized mechanism for managing, securing, and observing network traffic between microservices.

The project is distinguished by its ability to perform dynamic traffic management and configuration updates in real-time without requiring service restarts or downtime. It utilizes a non-blocking, event-driven architecture to handle high-concurrency connections and supports hot-restart process management, which maintains continuous service availability by transferring active connection sockets during binary or configuration updates.

The proxy offers a comprehensive suite of operational capabilities, including advanced traffic routing, load balancing, and upstream health checking to ensure reliable distribution of requests. It also features a pluggable filter chain and extensibility modules that allow for custom request processing logic, alongside integrated tools for traffic tapping, mirroring, and the enforcement of transport layer security.

Extensive observability is built into the core, enabling the collection and export of granular metrics, logs, and distributed traces to monitor system health and performance. Administrative utilities are provided to manage proxy lifecycles, monitor operational status, and perform configuration changes through a centralized control plane.
- [sasha240100/between.js](https://awesome-repositories.com/repository/sasha240100-between-js.md) (0 ⭐) — EXAMPLES * Examples collection
- [datahub-project/datahub](https://awesome-repositories.com/repository/datahub-project-datahub.md) (12,141 ⭐) — DataHub is a metadata management platform designed to unify technical, operational, and business context across diverse data ecosystems. By utilizing a graph-based metadata model and an event-driven ingestion architecture, it creates a centralized source of truth that maps complex data relationships, lineage, and ownership. This foundational framework enables organizations to maintain a synchronized view of their data landscape, supporting both human-led discovery and automated data operations.

The platform distinguishes itself through its focus on grounding artificial intelligence and autonomous agents in verified enterprise context. It provides specialized capabilities to inject provenance-aware lineage, business definitions, and quality signals into AI prompts, ensuring that generated insights are accurate and trustworthy. Through a policy-as-code governance engine, it enforces access controls and compliance rules directly within the metadata graph, allowing for programmatic oversight of data assets across hybrid environments.

Beyond its core identity, the project offers a comprehensive suite of tools for data discovery, observability, and lifecycle management. It includes features for automated lineage extraction, impact analysis, and semantic search, enabling users to navigate data dependencies and resolve quality issues efficiently. The platform also supports collaborative workflows, allowing teams to manage business glossaries, certify data assets, and automate access requests through integrated communication channels.

DataHub is built to scale, utilizing a distributed architecture that allows storage, search, and graph processing layers to operate independently. It provides standardized interfaces and a bridge-based connector framework to facilitate integration with heterogeneous data sources and external AI agent frameworks.
- [fabriziocafolla/microservice-lumen](https://awesome-repositories.com/repository/fabriziocafolla-microservice-lumen.md) (0 ⭐) — Microservice Lumen is a starting skeleton based on Docker and Lumen Framework. This project helps to develop and maintain a simple and clean infrastructure for the management / creation of PHP microservices. In just a few steps, the developer starts the development / staging / production…
- [dbt-labs/dbt-core](https://awesome-repositories.com/repository/dbt-labs-dbt-core.md) (13,051 ⭐) — dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history.

The project distinguishes itself through an adapter-based database abstraction that translates generic transformation commands into dialect-specific SQL for various data warehouses. It utilizes a template engine to dynamically generate and inject SQL logic at runtime, allowing for highly flexible and reusable transformation scripts. Furthermore, it supports an incremental materialization strategy that optimizes performance by processing only new or changed records, merging them into existing tables using unique keys to reduce compute costs.

The framework covers the entire lifecycle of data transformation, including development, testing, deployment, and monitoring. It provides comprehensive capabilities for managing data lineage, enforcing code quality through automated linting and testing, and orchestrating complex pipelines across distributed environments. Users can also leverage a centralized semantic layer to define and govern business metrics, ensuring consistent data reporting across diverse analytical tools.

The project is distributed as a Python-based tool, providing a unified interface for local development that integrates with version control systems and cloud-based configuration management.
- [kubernetes-sigs/gateway-api](https://awesome-repositories.com/repository/kubernetes-sigs-gateway-api.md) (2,661 ⭐) — The Gateway API is a standardized set of resources for routing HTTP, gRPC, and TCP traffic into and within Kubernetes clusters. It serves as a framework for defining load balancer listeners and routing rules for both Layer 4 and Layer 7 protocols, acting as a specification for ingress and service mesh traffic interfaces.

The project utilizes a role-oriented configuration that separates infrastructure provisioning from routing logic. It implements a class-based provider selection system to match requested infrastructure to specific controller implementations and employs a conformance-driven specification to ensure all implementations pass standardized tests.

The API covers a broad range of networking domains, including external ingress management, internal service mesh routing, and Layer 4 load balancing. It incorporates security and access control primitives such as backend TLS configuration, hostname ownership delegation to prevent route hijacking, and cross-namespace reference authorization.

The project includes a networking conformance suite used to verify that implementations adhere to the official API specifications.
- [scalecube/scalecube-services](https://awesome-repositories.com/repository/scalecube-scalecube-services.md) (636 ⭐) — Microservices library. scalecube-services is a high-throughput, low-latency reactive microservices library built to scale. It features API gateways, service discovery, and service load balancing; the architecture supports plug-and-play service communication modules and features. Built to provide performance and low-latency real-time stream processing.
- [dapr/dapr](https://awesome-repositories.com/repository/dapr-dapr.md) (25,510 ⭐) — Dapr is a distributed application runtime that provides a sidecar-based infrastructure layer for building resilient microservices and event-driven applications. By utilizing a sidecar proxy pattern, it abstracts complex infrastructure tasks into standardized, network-accessible APIs, allowing developers to focus on application logic while the runtime handles service discovery, state management, and secure communication.

The platform distinguishes itself through a pluggable component architecture and language-agnostic design, enabling services written in any programming language to interact with infrastructure building blocks via standard HTTP or gRPC protocols. It provides specialized support for stateful workflow orchestration and agentic AI development, ensuring that long-running processes and intelligent agents maintain state and reliability across service restarts. Furthermore, it enforces security through automatic mutual TLS authentication for all network traffic.

Beyond its core orchestration capabilities, the runtime offers comprehensive observability features, including automated distributed tracing, system metrics collection, and log management. These tools provide visibility into complex service architectures without requiring manual instrumentation of the primary application code. The project includes extensive documentation, language-specific software development kits, and interactive learning resources to assist in the development and operation of distributed systems.
- [hashicorp/terraform](https://awesome-repositories.com/repository/hashicorp-terraform.md) (48,720 ⭐) — Terraform is a declarative infrastructure-as-code tool designed to manage the lifecycle of cloud and on-premises resources. It functions as a workflow engine that reconciles a defined desired state against real-world infrastructure, using a persistent state-tracking layer to maintain consistency and visibility across distributed environments. By mapping infrastructure components into a directed acyclic graph, the system calculates the optimal order for provisioning, updating, or destroying resources.

The platform is distinguished by its extensible plugin-based architecture, which decouples core orchestration logic from vendor-specific service APIs. This allows users to manage diverse infrastructure across multiple providers through a unified workflow. The system enforces predictability by separating operations into a three-stage lifecycle—planning, applying, and state-updating—and supports policy-as-code evaluation to validate changes against security and compliance rules before any modifications are executed.

Beyond core orchestration, the tool provides robust support for collaborative management, including workspace isolation for environment separation and module sharing for distributing standardized infrastructure patterns. It integrates into broader development ecosystems through support for programmatic definition in various languages, external system hooks, and comprehensive tooling for configuration debugging and editor assistance.
- [mozilla-services/pytest-services](https://awesome-repositories.com/repository/mozilla-services-pytest-services.md) (108 ⭐) — Unit testing framework for test driven security of AWS, GCP, Heroku and more.
- [makieorg/makie.jl](https://awesome-repositories.com/repository/makieorg-makie-jl.md) (2,778 ⭐) — Makie.jl is a high-performance Julia data visualization library and hardware-accelerated plotting engine used to create interactive 2D and 3D visualizations. It functions as a reactive visualization framework where plots update automatically via observables and compute graphs, and as a vector graphics generator for high-resolution academic output.

The system is distinguished by its backend-agnostic rendering pipeline, which supports OpenGL, WebGL, and ray-traced scenes. It employs a grammar-of-graphics approach to map variables to aesthetic attributes and utilizes a hierarchical scene graph to manage complex spatial transformations and nested viewports.

The library provides comprehensive capabilities for multi-dimensional data plotting, geospatial mapping, and network graph visualization. It includes a grid-based layout engine for constructing structured dashboards, integrated UI components like sliders and tooltips for data exploration, and support for LaTeX typography.

Visualizations can be rendered in desktop windows, web browsers, or exported to publication-quality SVG and PDF formats.
- [boto/boto3](https://awesome-repositories.com/repository/boto-boto3.md) (9,834 ⭐) — Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage.

The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and containerized applications within the cloud ecosystem.

The toolkit covers a broad range of operational capabilities, including generative AI orchestration, identity and access control, and detailed cloud resource monitoring. It further extends to data lifecycle management, including automated backups and migrations, as well as comprehensive billing and cost optimization tools.
- [otto-de/tesla-microservice](https://awesome-repositories.com/repository/otto-de-tesla-microservice.md) (195 ⭐) — Common basis for some of otto.de's Clojure microservices
- [andrewharvey/geojson-mesh](https://awesome-repositories.com/repository/andrewharvey-geojson-mesh.md) (0 ⭐) — Command line tool to extract borders of GeoJSON Polygons into a non-overlapping set of LineStrings. See https://github.com/topojson/topojson-client#mesh
- [libgdx/libgdx](https://awesome-repositories.com/repository/libgdx-libgdx.md) (24,816 ⭐) — LibGDX is a Java-based framework designed for cross-platform game development, enabling the creation and deployment of 2D and 3D games across desktop, mobile, and web environments from a single codebase. It functions as a comprehensive library that abstracts hardware-accelerated graphics, audio, input, and file system access, providing a unified interface for developers to manage game logic and application lifecycles.

The framework distinguishes itself through a high-performance architecture that prioritizes efficiency and native interoperability. It utilizes a batch-oriented graphics pipeline to minimize GPU state changes and employs direct-buffer native marshalling to exchange large data arrays between managed and native memory without expensive copying. Developers can leverage a JNI-based native bridge to embed C and C++ code directly within Java source files, while an object-pooling memory management system helps maintain consistent frame rates by recycling frequently instantiated objects.

Beyond its core rendering and performance capabilities, the project includes a suite of modular tools for physics simulation, asset management, and third-party service integration. It supports complex game mechanics through entity management, collision detection, and artificial intelligence frameworks, alongside tools for UI construction, audio processing, and network communication. The platform-abstraction-based backend ensures that these features remain consistent across different operating systems and hardware targets.

The project provides extensive build-time utilities for automating asset processing, native library compilation, and project scaffolding. It is designed to be integrated into standard Java development workflows, with documentation and reference implementations available to assist in managing application lifecycles and cross-platform deployment.
- [cert-manager/cert-manager](https://awesome-repositories.com/repository/cert-manager-cert-manager.md) (13,578 ⭐) — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads.

The project distinguishes itself through its extensive support for automated domain validation and multi-provider integration. It orchestrates complex challenge processes—including those for private or split-horizon networks—to prove domain ownership without manual intervention. Beyond standard certificate management, it provides granular policy enforcement, allowing administrators to restrict issuance permissions, delegate certificate requests to specific service accounts, and enforce security requirements through custom metadata and issuer configurations.

The platform covers a broad capability surface for securing network traffic and service communication. It supports diverse issuance workflows, ranging from public certificate authorities and ACME-based automation to private internal PKI infrastructures. The system also includes robust observability tools, such as operational metrics and status inspection, alongside administrative features for managing resource configurations, performing API migrations, and scaling controller components for high-availability environments.

Installation and management are facilitated through standard cluster deployment workflows, with comprehensive command-line tools available for troubleshooting, configuration export, and lifecycle verification.
- [urigo/graphql-mesh](https://awesome-repositories.com/repository/urigo-graphql-mesh.md) (3,504 ⭐) — 🕸️ GraphQL Federation Framework for any API services such as REST, OpenAPI, Swagger, SOAP, gRPC and more...
- [grpc/grpc-java](https://awesome-repositories.com/repository/grpc-grpc-java.md) (12,032 ⭐) — gRPC Java is a library for building distributed systems that enables client and server applications to interact through remote procedure calls. It uses protocol buffers to define service interfaces and exchange structured data, providing a framework for connecting microservices across different environments.

The framework utilizes an asynchronous networking foundation to manage concurrent connections and relies on a multiplexed binary protocol to facilitate efficient data exchange. It supports pluggable transport interceptors, allowing for the injection of custom logic into the request-response lifecycle, and includes dynamic service discovery to locate backend instances in changing network environments.

The library provides tools for secure service networking, integrating transport-level security to encrypt and authenticate data transfers between endpoints. It also automates the creation of strongly-typed client and server stubs from service definitions to ensure consistent data structures across distributed architectures.
- [nvidia-nemo/nemo](https://awesome-repositories.com/repository/nvidia-nemo-nemo.md) (17,389 ⭐) — NeMo is a comprehensive framework designed for the development, training, and deployment of large-scale conversational and generative artificial intelligence models. It provides an integrated platform for building multimodal systems, encompassing speech processing, language modeling, and reinforcement learning alignment. The framework is built to handle the entire lifecycle of AI development, from data curation and model pretraining to production-ready service deployment.

The platform distinguishes itself through advanced distributed training capabilities, including tensor and pipeline parallelism, which allow for the execution of models that exceed the memory capacity of individual hardware devices. It incorporates specialized architectures such as mixture-of-experts to optimize computational efficiency and includes a programmable guardrails system to enforce safety policies and topical boundaries on model outputs. Additionally, the framework supports retrieval-augmented generation to ground model responses in external knowledge bases, reducing hallucinations and improving factual accuracy.

Beyond core training and inference, the framework offers extensive tools for audio signal processing, speech-to-text transcription, and text-to-speech
- [rlacerda83/lumen-email-microservice](https://awesome-repositories.com/repository/rlacerda83-lumen-email-microservice.md) (0 ⭐) — Microservice developed in Lumen for sending emails in real time or by queue.
- [ardanlabs/service](https://awesome-repositories.com/repository/ardanlabs-service.md) (4,030 ⭐) — Starter-kit for writing services in Go using Kubernetes.
- [netbirdio/netbird](https://awesome-repositories.com/repository/netbirdio-netbird.md) (26,188 ⭐) — NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device.

The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a centralized control plane for orchestrating network resources, automating device enrollment, and managing peer lifecycles at scale. Administrators can define complex routing policies, manage internal DNS resolution, and expose services securely without manual firewall modifications. The system also supports advanced security postures, including post-quantum cryptography, compliance-based access enforcement, and integration with endpoint security platforms to isolate non-compliant devices.

Beyond core connectivity, the project offers a comprehensive suite of tools for infrastructure management, including support for hybrid cloud bridging, Kubernetes cluster integration, and multi-tenant administrative scoping. It provides deep observability through traffic event streaming, network topology visualization, and diagnostic utilities. The software is designed for flexible deployment, offering headless agents for servers, containerized sidecars for orchestration environments, and support for mobile and desktop operating systems.
- [alibaba/higress](https://awesome-repositories.com/repository/alibaba-higress.md) (7,558 ⭐) — Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures.

The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based caching to reduce token consumption and latency.

Broad capabilities cover API lifecycle management and traffic control, including canary releases, load balancing, and rate limiting. The system includes a comprehensive security suite with WAF filtering, OIDC and OAuth2 identity integration, and automated TLS certificate management. Extensibility is provided via a WebAssembly-based plugin system that allows for hot-loading custom logic without interrupting traffic.

The gateway can be deployed to Kubernetes or Docker and supports the Kubernetes Gateway API and Ingress standards.
