Traefik Enterprise 2.2 is here, bringing with it a number of new features and enhancements to our enterprise-grade, cloud-native edge router built on Traefik technology. This latest release includes integrated service mesh capabilities, an improved web UI, support for OpenID Connect authentication, and more.
Integrated Service Mesh
Managing a microservice architecture built on Kubernetes requires dealing with external and internal connections (sometimes called north-south and east-west connections, respectively). An ingress controller is the software that routes the north-south connections from the external network, while a service mesh is the increasingly popular choice for managing east-west connections between services on the internal network..
The usual case is to split the responsibilities between a separate ingress controller and service mesh. But the downside of this architecture is that it means that you have to install, configure, and maintain two different tools, often with very different capabilities and configuration styles.
That's where Traefik Enterprise 2.2 comes in.
Traefik Enterprise can now act as both a Kubernetes ingress controller, based on the well-known Traefik edge router, and a service mesh based on Traefik Mesh, the lightweight and simpler service mesh.
Thus, Traefik Enterprise simplifies your workflow:
- It enables you to install both your ingress controller and your service mesh with a single command
- It requires a single configuration file to manage them together
- It comes with a dashboard to monitor your whole network environment easily
Traefik Enterprise’s service mesh is designed to be non-invasive. It requires no sidecar containers and does not modify your Kubernetes objects, and it’s 100% opt-in.
Take advantage of this feature by following the comprehensive guide in the documentation.
The key to managing microservices infrastructure is monitoring. You can’t fix the problems in your infrastructure if you don’t know what and where they are.
To this end, we’ve updated the Traefik Enterprise dashboard with features that allow you to monitor your cluster alerts at a glance.
If an error occurs in your cluster, your services, routers, or middlewares configuration, it will be reported on the new welcome page. From there, you will be able to navigate to the error source to fix it.
Additionally, if you choose to enable the new service mesh option, Traefik Enterprise 2.2’s enhanced dashboard provides a diagram to monitor your service mesh connections.
Using it, you won't have to read through all of your Kubernetes configuration files to know why your Kubernetes services don’t communicate as expected!
Whether you expose one API or hundreds, if you want to sleep well at night, you will have to secure your infrastructure. Authentication is a critical component of this.
Traefik Enterprise has acknowledged this need. That's why, on top of the existing authentication middlewares (such as LDAP, OAuth 2.0 token introspection, and JWT), v2.2 adds a new OpenID Connect (OIDC) middleware.
OIDC is a very popular framework built on top of OAuth 2.0 to handle authentication workflows.
Using the OIDC middleware, you'll secure your applications by delegating the authentication to an external provider (such as GitHub, Google Accounts, LinkedIn, etc.) with a straightforward configuration. Here’s an example:
http: middlewares: myoidc: plugin: oidcAuth: source: googleSource redirectUrl: example.com/callback session: secret: mysupersecret123
Securing a service couldn’t be easier.
Traefik Enterprise provider
One of the main advantages of Traefik Enterprise has always been the dynamic configuration. Are you a Kubernetes user? Create a CRD, and let the magic happen. Docker user? Add labels to your container… et voilà!
But if you are a bare metal user, so far you have had to share your configuration file between machines manually. To ease your work, Traefik Enterprise 2.2 includes a new internal provider that allows you to set your configuration using the teectl CLI.
You need only execute one command and your cluster is automatically updated. The configuration is still stored in a file for ease of maintenance.
teectl apply dyn-configuration.yaml
With the addition of service mesh support, Traefik Enterprise brings important new functionality on top of its existing high availability, distributed services, and enterprise authentication protocols. We’ll continue to develop more exciting features to benefit customers who choose Traefik Enterprise.
Take a closer look at Traefik Enterprise’s features to learn more. If you want to test drive this new version, sign up for a free trial of Traefik Enterprise 2.2 today.
This is a companion discussion topic for the original entry at https://traefik.io/blog/announcing-traefik-enterprise-2-2-now-an-all-in-one-ingress-api-management-and-service-mesh-solution/