Traefik: the Cloud Native Edge Router
In the age of containers, fast-paced and miniaturized, old software needed to adapt fast. When that was not possible, or slow, a slew of new software was born. Among this was Traefik, the self-proclaimed Cloud Native Edge Router rapidly grew as one of the most used software where containers were employed.
What is Traefik?
A reverse proxy / load balancer that’s easy, dynamic, automatic, fast, full-featured, open source, production proven, provides metrics, and integrates with every major cluster technology… No wonder it’s so popular!
Traefik is a reverse proxy / load balancer built to route requests to the appropriate services, in a container environment. As a reverse proxy, Traefik can route requests based on parameters (usually domain name) to the right container. If you’re running containers, chances are you may scale them easily to hundreds, thousands, that’s where a load balancer comes in handy. A load balancer ensures the traffic is distributed among services more or less equally. When those services are packaged as containers, Traefik can automatically discover them and is ready to start balancing with minor effort.
Key Traefik features include:
- Runs/integrates on/with plain Docker and major orchestrators (Kubernetes, Mesos)
- Continuously updates its configuration (No restarts!)
- Multiple load balancing algorithms
- Provides TLS through Let’s Encrypt!
- A minimal, yet insightful Web UI
- Websocket, HTTP/2, GRPC ready
- Provides metrics and logs
Why do you need Traefik?
If you’re using an orchestrator such as Kubernetes on premises chances are you will need an “IngressController”, a service that will route every request to the appropriate endpoint. One of the alternatives is Traefik. (More in the next section).
If you plan on using a microservices-oriented architecture, you will likely need to manage quite a few endpoints, a reverse proxy and a load balancer will most likely be essential.
If you’re planning on containerizing your application and need an easy-to-use solution that does many things out of the box.
Traefik and Kubernetes
Kubernetes is the de-facto container orchestrator. Unless you’re using a hosted Kuberentes such as GCE or AKS you will probably need an IngressController, Traefik and a few others qualify to complete this task.
Traefik integrates with Kuberentes seamlessly and can be deployed either as DaemonSet or as Deployment. Each solution has its pros and cons, but overall deploying Traefik on Kubernetes is as simple as deploying a few manifests. As an ingress controller, Traefik will intercept any request on the given port and will observe any ingress submitted in the namespace. Reading the official documentation is highly suggested.
Once you have installed Traefik you can start submitting ingress resources in Kubernetes (you must also have a corresponding service) and everything will start working as intended.
The new Traefik 2.0
Traefik 2.0 is the next big release since its launch. Currently, the latest version is version 2.0 RC1. The changes are way too many to list but here’s an excerpt from the announcement:
- TCP support! (and SNI routing)
- Middleware to fully customize your routes
- An elegant Kubernetes CRD for better readability and control over your configuration
- A new Rule syntax that supports operators and parentheses
- Cross-Provider support to mix rules and to route between many sources
- TLS termination per route
- A whole new label system for configuration consistency
- Certificate resolvers that support multiple certificate providers, DNS providers, dynamic wildcard, and that enable per domain challenge.
- An improved API with enhanced error reporting
- YAML support!
- A dedicated CORS middleware for easy configuration
- Re-designed constraint management to automatically create routes to your services
- Load balancing between services (canary deployments anyone?) and mirroring
- A new WebUI!