Announcing Traefik Enterprise 2.5

We’re pleased to announce the new release of Traefik Enterprise 2.5 that not only integrates Traefik Proxy 2.5 but also brings its own set of customer-centric features.

Layering Traefik in a multi-cluster (and hybrid) environment

​​Businesses are transitioning to containers, orchestrators, and cloud architectures. Some started their journey before Kubernetes even existed, some chose to mix technologies, while others transitioned from one system to another. The great thing about Traefik is that it is orchestrator agnostic -- whatever your stack is, whatever your choices are, you can count on Traefik to route your traffic, from anywhere, to any cluster.

Let's take a real-life example of a company who wants to transition to Kubernetes while already running a perfectly fine production environment on Docker (see the diagram below).

Up to today, this first layer had to be manually configured with a first set of rules responsible for sending the proper request to the matching cluster. This configuration was achieved leveraging catch-all rules, regexp, and other maintenance-heavy mechanisms.

For the sake of the example, such a configuration would have looked like the following:

http:
  routers:
    # Domain specific routers that forwards requests to another Traefik
    to-traefik-kube:
      rule: "HostRegexp(`{subdomain:[a-z]+}.kube-apps.example.com``)"
      service: traefik-kube
to-traefik-swarm:
  rule: "HostRegexp(`{subdomain:[a-z]+}.swarm-apps.example.com``)"
  service: traefik-swarm

services:
traefik-kube:
loadBalancer:
servers:
- url: http://traefik-kube-address
traefik-swarm:
loadBalancer:
servers:
- url: http://traefik-swarm-address

In this example, it’s clear that the layer one proxy has no information about the actual services running on the underlying layers. As a consequence, ops have to maintain this list of rules to match the underlying services at each update.

Traefik was born as a modern reverse proxy, capable of dynamically configuring its route from orchestrators. With Traefik Enterprise 2.5, we're extending this capability and making Traefik  proficient at configuring itself from other Traefik instances -- dynamically.

With this new release, you only need to connect your layer one Traefik to the others, and the rest is dynamic. Traefik will  consolidate all routing information into a single entry point, automatically getting updates from configurations of the underlying proxies.

Here is how the whole layer one instance configuration would look like (for ever):

entryPoints:
  web:
    address: ":8000"
  websecure:
    address: ":8443"

providers:
plugin:
traefik:
swarm:
apiAddr: "http://traefik-swarm-address:81"
kube:
apiAddr: "http://traefik-kube-address:80"

Of course, any new routing configurations available on the underlying layers are now  automatically exposed.

Secure your system-to-system communication with API Key Authentication

Many microservices architectures often have backend, non-interactive (system-to-system) services that require simple authentication mechanisms between two applications. One of the most popular is the API Key Authentication and Traefik Enterprise 2.5 introduces this as a new HTTP middleware.

To use the API Key authentication middleware, simply provide Traefik Enterprise with a hash of the API Key you want to use:

http:
  middlewares:
    my-apikey:w
      plugin:
        apiKey:
          secretValue: $2y$05$W8revhHpKlbH1UfCzpR0He/dK9mjXZRLjfq5RkYZKU7//EUrWz3lG

That’s it, you’re now able to send HTTP requests with a header, cookie or query parameter containing the base64-encoded matching secret.

For more information on supported hash algorithms and other configuration options, see the documentation.

Other enhancements

  • The API Portal configuration can now be handled on a per router basis
  • OIDC now accepts post login and post logout redirect URLs
  • Kubernetes 1.22+ is now officially supported

Whats Next

With the new Traefik Provider, Traefik Enterprise 2.5 brings additional features to ease multi-cluster operations. If you’re transitioning to Kubernetes or already leveraging multiple cloud-native technologies, go straight to a hands-on experience and sign up for a 30-day free trial. And if you'd like to see it in action, please request a demo - we’ll be happy to show you how Traefik can help.


This is a companion discussion topic for the original entry at https://traefik.io/blog/announcing-traefik-enterprise-2-5/
1 Like