Welcome to The Weekly Five - your curated list of 5 exceptional open source projects I discovered this week.
This edition includes projects I found interesting from my Kubecon visit last week. I was able to meet many great maintainers and I know this list is too small to include all, I will include few projects in upcoming edition of the newsletter.
litmus
LitmusChaos is an open source Chaos Engineering platform that enables teams to identify weaknesses & potential outages in infrastructures by inducing chaos tests in a controlled way. Developers & SREs can practice Chaos Engineering with LitmusChaos as it is easy to use, based on modern Chaos Engineering principles & community collaborated.
Use cases
For Developers: To run chaos experiments during application development as an extension of unit testing or integration testing.
For CI/CD pipeline builders: To run chaos as a pipeline stage to find bugs when the application is subjected to fail paths in a pipeline.
For SREs: To plan and schedule chaos experiments into the application and/or surrounding infrastructure. This practice identifies the weaknesses in the deployment system and increases resilience.
The project has more than 5.3k strars and growing, there are more than 300 open issues if you want to get involved.
flux2
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories and OCI artifacts), and automating updates to configuration when there is new code to deploy.
Flux version 2 ("v2") is built from the ground up to use Kubernetes' API extension system, and to integrate with Prometheus and other core components of the Kubernetes ecosystem. In version 2, Flux supports multi-tenancy and support for syncing an arbitrary number of Git repositories, among other long-requested features.
You can use the toolkit to extend Flux, or to build your own systems for continuous delivery -- see the developer guides.
The project reached 8k stars and has more than 200+ open issues, if you want to start contributing
istio
Istio is an open source service mesh that layers transparently onto existing distributed applications. Istio’s powerful features provide a uniform and more efficient way to secure, connect, and monitor services. Istio is the path to load balancing, service-to-service authentication, and monitoring – with few or no service code changes.
Istio is composed of these components:
Envoy - Sidecar proxies per microservice to handle ingress/egress traffic between services in the cluster and from a service to external services. The proxies form a secure microservice mesh providing a rich set of functions like discovery, rich layer-7 routing, circuit breakers, policy enforcement and telemetry recording/reporting functions.
Ztunnel - A lightweight data plane proxy written in Rust, used in Ambient mesh mode to provide secure connectivity and observability for workloads without sidecar proxies.
Istiod - The Istio control plane. It provides service discovery, configuration and certificate management.
The project crossed 38k stars and has more than 400 open issues, want to contribute? checke the open issues.
HolmesGPT
Open-source AI agent for investigating production incidents and finding root causes. Works with any stack — Kubernetes, VMs, cloud providers, databases, and SaaS platforms. We are a Cloud Native Computing Foundation sandbox project. Originally created by Robusta.Dev, with major contributions from Microsoft.
Features
Petabyte-scale data: Server-side filtering, JSON tree traversal, and tool output transformers keep large payloads out of context windows
Memory-safe execution: Per-tool memory limits, streaming large results to disk, and automatic output budgeting prevent OOM kills when querying large observability datasets
Deep integrations: Prometheus, Grafana, Datadog, Kubernetes, and many more—plus any REST API
Bidirectional alert integrations: Fetch alerts from AlertManager, PagerDuty, OpsGenie, or Jira—and write findings back
Any LLM provider: OpenAI, Anthropic, Azure, Bedrock, Gemini, and more
No Kubernetes required: Works with any infrastructure — VMs, bare metal, cloud services, or containers
The project is growing and crossed 2k stars and has close to 100 issues, go ahead and help the team ship some great features.
linkerd2
Linkerd is an ultralight, security-first service mesh for Kubernetes. Linkerd adds critical security, observability, and reliability features to your Kubernetes stack with no code change required.
1. Post-Quantum Cryptography (PQC) 🛡️
Linkerd 2.19 is the first service mesh to introduce Post-Quantum Cryptography by default. Using the ML-KEM algorithm (formerly Kyber), it protects your internal traffic against "harvest now, decrypt later" attacks. This ensures that even if an attacker captures encrypted traffic today, they won't be able to crack it using future quantum computers.
2. Automatic Mutual TLS (mTLS) 🔒
Linkerd’s "killer feature" remains its ability to provide zero-config, mutual TLS for all TCP traffic between meshed apps. It automatically handles the issuance and rotation of certificates, ensuring that all service-to-service communication is encrypted and authenticated without requiring any changes to your application code.
3. Native Sidecar Support 🚀
Linkerd fully leverages Kubernetes Native Sidecars. This fixes the long-standing "race condition" issues where an application container might start before the proxy is ready (or stay running after the proxy shuts down). It makes Linkerd significantly more reliable for Kubernetes Jobs and ensures smoother pod lifecycles.
4. Kubernetes Gateway API Standard 🌐
Linkerd has transitioned to using the Kubernetes Gateway API as its primary way to manage traffic. By using standard resources like HTTPRoute and GRPCRoute instead of custom CRDs, Linkerd allows teams to implement complex traffic splitting, canary deployments, and authorization policies using the industry-standard "cloud-native" language.
5. Zero-Config Observability & Telemetry 📊
Linkerd provides "Golden Metrics" (success rates, latencies, and throughput) out of the box for all HTTP and gRPC traffic. Because it uses a high-performance Rust-based proxy, it provides this deep visibility with incredibly low overhead, allowing operators to debug performance bottlenecks across the entire cluster instantly.
The project has close to 11.5k stars and around 200 open issues and has close to 400 contributors.
If you are doing Open Source I have a good news for you, I work at CodeRabbit which is an AI review tool and its free for Open Source, please reach out to me on X or LinkedIn or just send an email on [email protected] if you need help on adopting CodeRabbit.
You can visit our portal below to create a new account and connect your repository and start reviewing your code.
