Hi
When using Traefik as proxy there are some security considerations as mentioned here.
Using the workarounds, e.g.
- Accounting at networking level (proxy_backend network)
- Accounting at container level ("socket exposer" container)
This will separating the control plane ("socket exposer" container with own network) from the data plane (proxy_backend network) as would it be the case when using TraefikEE as well?
Or is there any benefit from using TraefikEE (beside the support)?
Hi x-jokay,
This is Adrien from Containous.
Traefik EE has these main features on top of Traefik :
- Clustering/ High Availability
- Scalability:
- Ability to automatically spin up new data nodes and spin down when needed.
- Less pressure on k8s (or Swarm) API as only 1 TraefikEE instance watches it at a time (instead of all OSS instances)
- Security:
- Isolation between Data nodes (that handles the traffic) and the Control nodes (store the configuration).
- Encrypted Data (including sensitive data as certificates) on each node
- TraefikEE Cuddle
- Quick deployment with 1 line of code for all orchestrators through the CLI
- Lean management: switch from staging to production cluster with 1 flag, ensuring the same configuration everywhere
- Easier Static Configuration management: new static configuration is deployed node per node, no traffic lost
- Distributed Let’s Encrypt : able to share the Let’s Encrypt certificates to all the Data nodes
- Support
happy to continue the discussion / adrien@containo.us