Displaying 1 to 17 from 17 results

kuma - The Universal Service Mesh

  •    Go

Kuma is a platform agnostic open-source control plane for Service Mesh and Microservices. It can run and be operated natively across both Kubernetes and VM environments, making it easy to adopt by every team in the organization. Bundling Envoy as a data-plane, Kuma can instrument any L4/L7 traffic to secure, observe, route and enhance connectivity between any service or database. It can be used natively in Kubernetes via CRDs or via a RESTful API across other environments like VMs and Bare Metal.

curiefense - Curiefense is a unified, open source platform protecting cloud native applications.

  •    TypeScript

Curiefense is a new application security platform, which protects sites, services, and APIs. It extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross site scripting (XSS), account takeovers (ATOs), application-layer DDoS, remote file inclusion (RFI), API abuse, and more. There are many ways to get involved with Curiefense.

sds - Envoy's v1 Service Discovery Service API and v2 Endpoint Discovery Service API

  •    Rust

Envoy's v1 Service Discovery Service API and v2 Endpoint Discovery Service API. In contrast of https://github.com/lyft/discovery, the sds allow users to serve multiple application instances of single service in single host instance (with single ip address). Accepts v2 DiscoveryRequest, then responses v2 DiscoveryResponse.

envoy-preflight - A wrapper for applications to help with running envoy as a sidecar

  •    Go

This application, if provided an ENVOY_ADMIN_API environment variable, will poll indefinitely with backoff, waiting for envoy to report itself as live, implying it has loaded cluster configuration (for example from an ADS server). Only then will it execute the command provided as an argument. All signals are passed to the underlying application. Be warned that SIGKILL cannot be passed, so this can leave behind a orphaned process.

envoy - Envoy proxy中文文档 - http://www.servicemesher.com/envoy/

  •    Makefile

Envoy proxy中文文档 - http://www.servicemesher.com/envoy/


  •    C++

This project links a NATS Streaming HTTP filter with the Envoy binary. A new filter io.solo.nats_streaming which redirects requests to NATS Streaming is introduced. The e2e tests depend on nats-streaming-server and stan-sub, which need to be in your path. They also require the GRequests Python package.

pro-ref-arch - Reference Architecture for Ambassador Pro

  •    Makefile

This repository contains a core set of tested configurations for Ambassador Pro that integrates monitoring, distributed tracing, and more. Information about open source code used in Ambassador Pro can be found in /*.opensource.tar.gz files in each Docker image.

opa-envoy-spire-ext-authz - OPA-Envoy-SPIRE External Authorization Example.

  •    Go

OPA-Envoy(v1.10.0) External Authorization Example. Example of using Envoy's External authorization filter with OPA as an authorization service.

esp-v2 - A service proxy that provides API management capabilities using Google Service Infrastructure

  •    Go

Google Cloud Platform ESPv2 is a general-purpose L7 service proxy that enables API management capabilities for JSON/REST or gRPC API services. ESPv2 integrates with Google Service Infrastructure to provide policy checks and telemetry reports. ESPv2 is the next iteration of ESP. The current implementation of ESPv2 uses Envoy as a service proxy.

envoy-consul-connect - Envoy Filter for Consul Connect

  •    C++

This project links a Consul Connect filter with the Envoy binary. A new network filter io.solo.filters.network.consul_connect is introduced. The filter performs TLS client authentication against the Authorize endpoint via REST API. The Authorize endpoint tests whether a connection attempt is authorized between two services. Consul’s implementation of this API uses locally cached data and doesn't require any request forwarding to a server. Therefore, the response typically occurs in microseconds, to impose minimal overhead on the connection attempt.

grpc_xds - gRPC xDS Loadbalancing (experimental!!!)

  •    Go

..this repo and code is not supported by google.. When the client first bootstraps to the xDS server, it sends down instructions to connect directly to one gRPC server instance.

istio_external_authorization_server - Tutorial to setup a simple Istio external authorization server

  •    Go

Tutorial to setup an external authorization server for istio. In this setup, the ingresss-gateway will first send the inbound request headers to another istio service which check the header values submitted by the remote user/client. If the header values passes some criteria, the external authorization server will instruct the authorization server to proceed with the request upstream. The check criteria can be anything (kerberos ticket, custom JWT) but in this example, it is the simple presence of the header value match as defined in configuration.

image-hub - Image Hub is a sample application for exploring WebAssembly modules used as Envoy filters

  •    Vue

Image Hub is a sample application written to run on Consul for exploring WebAssembly modules used as Envoy filters. This demo application has been enabled by experimental works of Nic Jackson of HashiCorp, and Kanishkar J, Lee Calcote, and other contributors of Layer5. Image Hub supports Envoy-based data planes. Deployment instructions for each supported service mesh are below.

wasm-filters - A collection of Rust-based WebAssembly programs that are deployed as Envoy filters.

  •    Rust

A collection of WebAssemby filters for Envoy proxy written in C,C++,C# and Rust for exercising different features provided by envoy-wasm. See the Image Hub as a related project (a sample application). Also, see Meshery's filter management capabitilies.

kolumbus - Service discovery for microservice architecture with grpc, docker and envoy proxy

  •    Go

Docker makes it easy to package your applications and run it reliably in different environments. However, orchestrating multiple containers with load balancing, rate limiting, dynamic replacement of services, monitoring and all the nice operational stuff can quickly become quite cumbersome.

iris - Envoy xDS for Kubernetes service discovery

  •    Go

Iris is an Envoy control-plane implementation for Kubernetes. Typically, Envoy service discovery on Kubernetes involves polling the DNS endpoints to detect pod addition and deletion. This method is slow and does not scale well when the Kubernetes cluster is under heavy load. Iris is a Kubernetes controller that also implements an Envoy Aggregated Discovery Service (ADS). In addition to the circumvention of the DNS polling issue, this gives us the added bonus of being able to control the configuration of a fleet of Envoys without any down time. Things like traffic shaping, canary deploys, replays etc. can be achieved quickly and easily by just pushing a new configuration to the Iris server (think of it as a very poor man's Istio).

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.