Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Traefik Hub Enables Simple and Secure Container Publishing

Traefik Hub Enables Simple and Secure Container Publishing

Traefik Labs have announced the general availability of Traefik Hub, a tool designed to allow admins to quickly and securely publish Kubernetes and Docker containers.

Traefik Proxy has been available since 2015, providing dynamic application-aware traffic management which integrates well with major container orchestrators. Traefik Hub is a SaaS product which builds on this by managing the deployment of Kubernetes and Docker containers onto users' infrastructure. Traefik Hub targets architectures which are ever more complex and distributed, where traditional tools to make these services available on the Internet can be excessively complicated, sometimes conflicting, and susceptible to human error. First available as a beta in June 2022, Traefik Hub is now generally available.

Users deploy a lightweight agent to their infrastructure, which serves as a tunnel endpoint using industry-standard encryption for Traefik Hub to deploy containers onto it without having to expose the servers running the containers to the Internet. This technique is similar to that used by Hashicorp Boundary to provide perimeterless secure external access to internal services. Traefik Hub takes care of routing traffic to users' containers, by creating DNS names for users' services, and making advanced RBAC (Role Based Access Control) possible without users needing to possess the skills to set up cloud-native networking at scale. Internet traffic is directed to the containers by either Traefik Proxy or nginx running inside the Traefik Hub, and access control can be provided either by Basic Auth, or by deeper integration with JWT or OIDC. Key metrics are also collected by the agent, allowing Traefik Hub to report health and traffic volumes back to users via a dashboard, consolidated to provide a view across multiple containers and clusters.

For users running Kubernetes clusters, Traefik Hub can be implemented in a GitOps workflow. Traefik Hub provides CRDs (custom resource definitions) implementing EdgeIngress and AccessControlPolicy objects. This enables fully automated deployment of services accessible through Traefik Hub without having to work in a GUI, with services and appropriate access control defined entirely in code.

Traefik Hub goes to great lengths to reduce networking complexity, with the product effectively replacing the need for users to run their own reverse proxies, load-balancers or ingress controllers. A strength of Traefik Hub is to put all this together into the product, with appropriate routing taken care of by the Hub. It enables development teams to publish applications to the Internet with important security practices automated safely. Traefik Hub also integrates seamlessly with existing Traefik Proxy instances, which can be leveraged to autodiscover services to be published by the Traefik Hub.

Traefik Hub is available today, with a free tier available for users running only one cluster and with simple authentication requirements. Further functionality is available on Traefik Hub's paid tiers.

About the Author

Rate this Article