Unleash custom networking logic with Traefik Plugins

Traefik is built to handle the application networking functions that are essential to modern IT. In today’s cloud-native environments, containerized applications and microservices must be in constant communication across networks. Functions like load balancing, inbound traffic management, and network security are more critical than ever. Fortunately, Traefik addresses these needs elegantly and reliably.

Almost inevitably, however, situations arise that can't easily be handled using standard features and methods. Perhaps an unusual application design requires unorthodox routing, or abnormal traffic conditions call for a novel, short-term fix. Ideally, you should be able to deploy custom logic to handle such niche cases.

That’s precisely the goal of Traefik plugins, which were introduced in the release-candidate builds of Traefik 2.3. Traefik has always been modular and extensible, and its feature set has grown with the addition of each new provider and middleware. With the addition of plugins, however, you can now easily build, use, and share their own custom extensions to Traefik’s functionality, with minimal development overhead.

Extensibility for everyone

Application plugins themselves are nothing new. Monolithic desktop apps from the likes of Adobe and Microsoft were among the first to introduce extension mechanisms, and web browsers weren’t far behind. But the earliest plugins shipped as prebuilt binaries, like the applications themselves. That meant they were often quirky to use, difficult to develop, and incompatible across platforms or even application versions.

As web browsers evolved into the most-used software in the world, however, they also blazed the path for how plugins should be built. As a result of work by Google, Mozilla, and others, creating extensions for today’s web browsers is both simpler and more open than in the past, thanks to key characteristics of their second-generation plugin model:

  • Modern browser extensions are written in JavaScript, a language that’s familiar to browser users and anyone involved with web development.
  • They are simple to develop and test, requiring no elaborate toolchains or build processes.
  • They are shared and distributed securely via a centralized, online marketplace.

Traefik the way you want it

Traefik’s new plugins take cues from modern browser extensions, with the aim of making it as easy to extend Traefik as it is to extend your browser. While traditional Traefik middlewares resemble the older style of binary plugins, Traefik’s new plugin mechanism follows the pattern set by the likes of Chrome and Firefox:

  • Traefik plugins are written in Go, the language used to develop Docker, Kubernetes, the Traefik family of projects, and other cloud-native infrastructure software.
  • Traefik’s embedded Yaegi interpreter makes plugin development and testing easy. No code needs to be compiled or linked, making this the first true interpreted Go language plugin mechanism.Plugins are distributed and shared online via an open marketplace that integrates with Traefik Pilot, the new SaaS control plane for Traefik.

Naturally, in designing an extension mechanism for Traefik, security is a top concern. Hosting plugins in the centralized Traefik Pilot hub makes it possible to block plugins containing malicious or malformed code for all Traefik users, protecting the entire community. Only open source plugins are allowed, so that their code can be reviewed and inspected for potential defects. And Traefik operators have ultimate control over which plugins are installed and allowed to run in their Traefik instances, as plugins can only be loaded and activated from Traefik’s static configuration at startup.

Plugins utilize the Go module downloading and verification system to protect users from unauthorized changes to code. We'll share more in-depth details on this and the security features of the runtime interpreter in a later post.

Plugging in

Because Traefik’s plugin mechanism follows industry best practices, working with Traefik plugins is almost as easy as working with browser extensions. To get up and running with your first plugin involves four key steps:

1. Register your Traefik instances

Plugins are only available to Traefik instances that are registered with the Traefik Pilot SaaS service. Registering is as easy aa logging into your Pilot account and clicking a button to request a token. Once you add that token to your Traefik instance’s static configuration, you’re ready to begin working with plugins from the catalog or to create your own. You’ll also gain the benefits of health monitoring and security vulnerability updates for your registered instances.

2. Develop your plugin

Traefik’s embedded Yaegi interpreter can handle virtually any Go code you throw at it. A good way to start is to read the documentation and review the source code of the Demo plugin that’s provided with Traefik Pilot. You can gain further inspiration by browsing the source code of contributed plugins in their own repositories.

3. Host your plugin on GitHub

Most developers will already be familiar with GitHub as a way to share code with the community. Every 30 minutes, Traefik Pilot polls GitHub, looking for repositories hosting plugins to add to the public catalog. For your plugin to be recognized, you need only set the topic `traefik-plugin` on your repo and include a manifest, as described in the developer documentation.

4. Load and activate your plugin

Once your plugin is available in the Traefik Pilot catalog, it’s ready for use in your Traefik instances. As mentioned earlier, for security reasons, plugin activation code must be included in an instance’s static configuration. No plugins can be installed or modified while Traefik is running. Some plugins may also need to have options set in the dynamic configuration. Clicking the “Install Plugin” button from the plugin’s page in the Traefik Pilot catalog supplies cut-and-paste templates of the code you’ll need for both the static and dynamic configurations.

More to come

This first iteration of the Traefik plugin interface gives you what you need to start building and deploying plugins that enable custom routing behaviors, like Traefik middlewares. You can expect forthcoming releases to make plugins even more powerful. For example, future plugins will be able to act as providers, making it possible to use these techniques to extend Traefik’s auto-discovery capabilities to include new orchestrators, cloud providers, key-value stores, and other infrastructure components.

For now, we hope you’ll take this opportunity to explore how plugins expand the possibilities of Traefik. Join the Traefik community forums to continue the discussion and help make Traefik the most powerful, versatile, and extensible tool for your application networking needs.

This is a companion discussion topic for the original entry at https://containo.us/blog/unleash-custom-networking-logic-with-traefik-plugins/