Traefik Enterprise 2.3 Arrives with Vault support & GitOps Compliance

We are pleased to announce that a new version of Traefik Enterprise is here, bringing with it an array of new capabilities. Among the new features in this latest release are integration with Vault, a new way to automate Traefik Enterprise installation, support for HTTP caching, and an API portal.

Secure Your Infrastructure in a Vault

The more APIs your infrastructure contains, the more complicated TLS certificate management becomes.

To solve this problem, many companies have used Vault to manage their certificates securely. Customers have asked us to help them easily serve these certificates using Traefik Enterprise, and this is now possible with Traefik Enterprise 2.3.

Vault as a Provider

Traefik Enterprise has always been able to read certificates from key-value stores such as Consul or etcd. It’s now possible to use Vault in the same way, thanks for the new Vault provider in Traefik Enterprise 2.3.

Configure your Traefik Enterprise cluster to reach your Vault server and it will detect the certificates to serve them:

# Static Configuration
providers:
  plugin:
    vault:
      url: "http://127.0.0.1:8200" # Vault server URL
      token: "s.CUDDqqjiIFXF60KVSeJOxeb5" # Vault Authentication Token

As usual with Traefik Enterprise, the configuration will be refreshed automatically each time you insert or delete certificates in your Vault server.

Vault PKI Support

Many organizations use Vault to generate TLS certificates on the fly using its public key infrastructure (PKI) feature. Now you can take advantage of this capability with Traefik Enterprise.

Based on our experience with Let’s Encrypt, we created a new certificate resolver to integrate Traefik Enterprise with Vault PKI.

# Static Configuration
certificatesResolvers:
  vaultResolver:
    vault:
      url: "http://127.0.0.1:8200" # Vault server URL
      token: "s.CUDDqqjiIFXF60KVSeJOxeb5" # Vault Authentication Token
      role: "vault-role" # Role to use to generate certificates

Once this feature is enabled, Traefik Enterprise can use Vault to create and renew all your TLS certificates, which in turn helps to ease management of your APIs.

Don’t hesitate to take a look at our documentation for more information about this feature.

GitOps Automation

More and more organizations use GitOps tools to automate their deployments. Customers have asked us for better integration of Traefik Enterprise with these tools, and with this release, we’ve delivered.

Traefik Enterprise 2.3 brings a couple of features to improve our compliance with popular GitOps tools (such as Argo CD).

You can now download a customized Traefik Enterprise manifest to install a cluster in Kubernetes from a web service. Additionally, you can provide your static configuration in a Kubernetes ConfigMap, so the configuration can be discovered and automatically reloaded by Traefik Enterprise.

If you’re interested in the feature, follow our step by step installation documentation and try it out for yourself.

Speed Up Your Traffic with HTTP Caching

Having an infrastructure that can manage all of your traffic is a good thing. But having this infrastructure optimized for your needs is even better.

With this in mind, Traefik Enterprise 2.3 introduces a new HTTP Cache middleware based on RFC 7234. It speeds up your external traffic and optimizes your internal traffic by caching HTTP responses in Traefik Enterprise proxies. Thus, you can reduce the workload on your services for most HTTP requests.

You just have to set this middleware on your router and Traefik Enterprise will start improving your response times automatically:

# Dynamic Configuration
http:
  middlewares:
    test-http-cache:
      plugin:
        httpCache:
          maxTtl: 600
          memory:
            limit: "3Gi"

API Portal for Developers

Deploying a microservice architecture means managing infrastructure with many APIs. These APIs are typically provided by multiple teams in the organization and they are often exposed to external partners.

But how to share the APIs information with all the involved parties? That's where Traefik Enterprise 2.3 comes in.

With this new release, you need only describe your APIs’ specifications in the popular OpenAPI format and expose them using Traefik Enterprise’s new API portal feature:

# Static Configuration
apiportal:
  url: spec.json

With just a few lines of configuration, your API specification is reachable from your service.

Need to monitor all your APIs at a glance? No worries, Traefik Enterprise provides you a dedicated web UI.

What's Next?

With the addition of Vault support, Traefik Enterprise adds support for enterprise authentication protocols and Let’s Encrypt to its portfolio of security capabilities.

In future releases, we’ll continue to develop enterprise-specific features to solve networking issues for companies who choose Traefik Enterprise.

Take a closer look at Traefik Enterprise’s features to learn more. If you want to test drive this new version, sign up for a free trial of Traefik Enterprise 2.3 today.


This is a companion discussion topic for the original entry at https://traefik.io/blog/traefik-enterprise-2-3-arrives-with-vault-support-gitops-compliance-and-more/
1 Like