Announcing TraefikEE v1.1

Offers Automatic Certificate Management, Distributed Features, and Enhanced Support for DockerEE

It’s been two months since the general availability of the 1.0 version of Traefik Enterprise Edition. Encouraged by its successful launch, and propelled by the immense feedback we received from customers, the team started to work on 1.1 right away.

Traefik Enterprise Edition is a new platform built on top of Traefik, the popular open-source cloud-native edge router, designed for business-critical deployments. It adds clustering features to satisfy the needs of enterprise customers. See it in action in the video demonstration!

So, let’s see what’s new in this 1.1 for TraefikEE and traefikeectl, its control tool!

ACME Account & Certificate Management

Designed for users that already leverage Let’s Encrypt and its automatic certificate management, TraefikEE 1.1 allows you to seamlessly import your certificates right into the cluster.

traefikeectl acme-add-certificate \
	--certfile="cert.pem" \
	--keyfile="key.pem" \
	--accountname="my account"

In the process, it is now possible to manage ACME accounts within your TraefikEE cluster using the traefikee and traefikeectl binaries: ask TraefikEE to create ACME accounts, or to import your existing accounts.

# Adds your me@containo.us account to your TraefikEE cluster!
traefikeectl acme-add-account \
  --use \
  --caserver="https://caserver" \
  --email="me@containo.us" \
  --name="my account" 
  --privatekey="key.pem"
  --uri="https://registration_uri.com”

Want to learn more about these features, just check out the operating guide about TraefikEE 1.1.

Distributed Rate Limiting

TraefikEE makes autoscaling easy: deploy more data nodes as the number of incoming requests grows. Before 1.1, when you configured rate limiting for your underlying services, each node had its own rate limiting. In 1.1, the control plane makes sure the rate limiting is distributed within the cluster.

TraefikEE intercepts the rate limiting configuration and inject its own distributed rate limiting middleware into Traefik.

The best part? The configuration remains exactly the same!

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: myservice
  namespace: traefikee
  labels:
    app: myservice
  annotations:
    traefik.ingress.kubernetes.io/rate-limit: |
      extractorfunc: client.ip
      rateset:
        bar:
          period: 10s
          average: 10000
          burst: 10000

This service for example, has a cluster-wide rate limit set to 10,000 requests per client IP within 10 seconds.

Network Automatic Discovery

Some users were leveraging Docker Swarm network capabilities to improve security on their cluster, making sure each service used its own network.

Before 1.1, they had no choice but to attach another network to their services so that Traefik could reach them (and properly route the requests), or to attach the new networks to TraefikEE itself. Since Traefik has always been about dynamic configuration, we weren’t satisfied with this situation.

In 1.1, TraefikEE (thanks to its redesigned architecture) is now able to discover the new networks and to reach them automatically.

It means that you are now able to add new applications from different Docker networks — and TraefikEE will dynamically update the data plane to join those networks.

You can turn this feature on during installation time!

traefikeectl install \
  --swarm \
  --swarm.networkautodiscovery \
  --licensekey="$TRAEFIKEE_LICENSE_KEY"

Docker Enterprise Edition

TraefikEE is Docker certified! It means that it has been tested and is supported by Docker Enterprise — It complies with Docker best practices guidelines, has proven provenance, and has been scanned for security vulnerabilities.

Before 1.1, TraefikEE needed to install its control plane on the docker manager nodes, which could be a limitation.

Good news, TraefikEE 1.1 can now be deployed on the worker nodes (and don’t even need any manager node to fully operate).

On top of that, it now uses the UCP connector with enhanced security and proper credentials.

What’s Next?

With TraefikEE 1.1, we’re very proud to have helped our customers take full benefit of Traefik and find ways to make sure every detail was taken care of.

In 1.2 (yes, there will be a 1.2 before the next big step!) we will keep improving the user experience to make sure that managing a TraefikEE cluster is as simple as managing a single instance of Traefik, with extra benefits tailored for the enterprise.

Try it now!

Get a free one month trial right now, and install TraefikEE on your favorite environment by following the installation guides.

And if you want to learn more and see a live demo of TraefikEE 1.1, request a demo today.


This is a companion discussion topic for the original entry at https://containo.us/blog/announcing-traefikee-v1-1-1338e9b7cd79/