The control plane is a key component of Traefik Enterprise. It is responsible for storing all cluster data, including events, TLS certificates, and the Traefik Proxy configuration. It is also in charge of connecting to the orchestrator to generate the data plane routing configuration and manage the service mesh.
Since it is such a critical part of your system, Traefik Enterprise is designed from the ground up to be fault tolerant: the control plane runs natively in cluster mode without any extra configuration or external key-value store. It ensures your data is always available and safe by using an internal distributed store, implemented with Raft.
You can find more information on high availability by visiting Concepts -> High Availability.
The data plane is in charge of forwarding the incoming requests to the backend applications running inside your infrastructure. It is designed to scale horizontally in order to face irregular network loads. Traefik Enterprise handles high loads easily: just add more nodes to the data plane to handle the additional requests. When the peak is gone, shrink the number of nodes to save resources. Of course, this process can be handled automatically using auto-scaling tools.
By splitting responsibilities between two planes, Traefik Enterprise follows the principle of "separation of concerns." To ensure that sensitive information only runs within a closed and safe environment, the control plane is not exposed to the outside. As a result, any malicious action from external traffic stays within the data plane and your platform stays safe. Moreover, Traefik Enterprise only relies on encrypted communications between nodes, to add an extra layer of security.
New. Traefik Enterprise 2.2 introduces an optional integrated service mesh -- a feature not provided by Traefik Proxy. While Traefik Enterprise ingress nodes control how external traffic can access your services, Traefik Enterprise service mesh nodes manage internal traffic between multiple microservices that make up an application on your cluster.
The service mesh takes advantage of Traefik Enterprise's architecture and is integrated with its control plane. It conforms to the current Service Mesh Interface (SMI) specification and supports such features as traffic access control, traffic splitting, and the circuit breaker pattern.
Installing and managing a Raft-based application is usually a painful experience. Because Traefik Proxy's popularity is due to its usability and refreshing user experience, however, we have extended those benefits to Traefik Enterprise for you.
Traefik Enterprise comes with an additional command-line tool called
teectl (pronounced "teakettle") that can deploy and operate a cluster with several nodes with a single command line.
We hope you will love using this time-saving tool.
The Traefik Enterprise dashboard shows you all the relevant information about your cluster at a glance.
- Monitor and view error reporting for your cluster:
- Visualize the nodes of your cluster:
- Monitor and view error reporting for your ingress:
- Monitor and view error reporting for your service mesh:
Traefik Enterprise licenses come with built-in support: contact our team of engineers at support.traefik.io.
|Feature||Traefik Proxy||Traefik Enterprise|
|Websockets, HTTP/2, TCP, GRPC ready||✓||✓|
|Static Configuration Auto Reload||✓|
|Public Plugin Support||✓||✓|
|Private Plugin Support||✓|
|Vault K/V (TLS cert store)||✓|
|Integrated Service Mesh||✓|
|OAuth Token Introspection||✓|
|OpenID Connect authentication||✓|
|Open Policy Agent Support||✓|
|Vault AppRole Authentication||✓|
|Distributed Let's Encrypt||✓|
|Distributed Rate Limit||✓|
|Distributed In Flight Request||✓|
|Encrypted Cluster Communication||✓|
|Built-In Commercial Support||✓|
Now that you have a basic overview of Traefik Enterprise's features, you might want to go straight to the installation phase and read the Quick Start.
Or maybe you'd like to familiarize yourself even more with the vocabulary and take a look at the glossary?