This section clarifies terms specific to Traefik Enterprise.
Automatic Certificate Management Environment (ACME) is a protocol that can be used to interact with certificate authorities, such as Let's Encrypt. For more information, see RFC 8555.
An authentication source is a source (such as an LDAP server) with which Traefik Enterprise middleware can authenticate the validity of a request.
Traefik Enterprise comes with two command-line interface (CLI) tools:
The first is the Traefik Enterprise binary itself, while the latter helps you manage your Traefik Enterprise cluster.
In IT this is often described as the control plane and you can find more about this concept on Wikipedia or by readying the RFC 3746 and RFC 3746.
A cluster command is a request sent to the Traefik Enterprise cluster. The request will be handled by one of the controllers but will update/request the state of the whole cluster.
In IT this is often described as the data plane and you can find more about this concept on Wikipedia - Forwarding plane or by reading the RFC 3746.
Configuration of a Traefik Enterprise cluster, for example the cluster license and the number of controllers and proxies.
See Cluster Configuration, Dynamic Configuration, and Static Configuration, or refer to the Traefik Proxy configuration overview.
Controllers are Traefik Enterprise instances with components that are responsible for creating and managing the cluster. They are also responsible for synchronizing configuration changes with proxies.
In IT this is often described as the control plane. You can find more about this concept on Wikipedia or by reading RFC 3746 and more specifically Section 3.1.
Dynamic configuration is gathered from orchestrators and contains the definitions for resources like routers, services and middleware. See the dynamic configuration reference for more information.
In the documentation, infrastructure components refer to third-party tools like orchestrators (such as Kubernetes) and key-value stores (such as etcd).
Ingress proxies are Traefik Enterprise instances with components that are responsible for handling the routing of incoming requests. Their components are configured by the controller components.
In IT this is often described as the data plane. You can find more about this concept on Wikipedia or by reading RFC3746.
See Ingress Proxy and Service Mesh Proxy.
In Traefik Enterprise, the quorum is the minimum number of controllers of a cluster that must be up in order for the cluster to be healthy, as specified by the Raft algorithm. For more information on the number of controllers your cluster should have, take a look at this section of the documentation.
A dedicated infrastructure layer that manages and directs communication between microservices. In Traefik Enterprise, the service mesh is composed of a set of service mesh proxies deployed as pods on nodes of a Kubernetes cluster. Examples of functions provided by a service mesh proxy inclue authentication, rate limiting, traffic splitting, and implementing the circuit breaker pattern. Traefik Enterprise's service mesh implements the Service Mesh Interface (SMI) specification.
Service Mesh Proxy¶
An agent running as a pod on a node of a Kubernetes cluster that enables communication between services. In Traefik Enterprise, service mesh proxies are non-invasive and are deployed as a DaemonSet, rather than via sidecar containers. For configuration information, consult the relevant documentation.
Static configuration is applied to controllers and proxies and contains information such as the providers and entry points. Traefik Enterprise uses the same static configuration as Traefik with a few additions, such as Authentication Sources.