Glossary

This section clarifies terms specific to Traefik Enterprise.

ACME

Automatic Certificate Management Environment (ACME) is a protocol that can be used to interact with certificate authorities, such as Let's Encrypt. For more information, see RFC 8555.

Authentication Source

An authentication source is a source (such as an LDAP server) with which Traefik Enterprise middleware can authenticate the validity of a request.

CLI

Traefik Enterprise comes with two command-line interface (CLI) tools: traefikee and teectl. The first is the Traefik Enterprise binary itself, while the latter helps you manage your Traefik Enterprise cluster.

Note

You can read the full documentation of traefikee and teectl to learn more about what you can achieve with them.

Cluster Command

A cluster command is a request sent to the Traefik Enterprise cluster. The request will be handled by one of the controllers but will update/request the state of the whole cluster.

Note

Cluster commands are documented in the traefikee Command Line Reference section.

Cluster Configuration

Configuration of a Traefik Enterprise cluster, for example the cluster license and the number of controllers and proxies.

Configuration

See Cluster Configuration, Dynamic Configuration, and Static Configuration, or refer to the Traefik Proxy configuration overview.

Controller

Controllers are Traefik Enterprise instances with components that are responsible for creating and managing the cluster. They are also responsible for synchronizing configuration changes with proxies.

Note

In IT this is often described as the control plane. You can find more about this concept on Wikipedia or by reading RFC 3746 and more specifically Section 3.1.

Dynamic Configuration

Dynamic configuration is gathered from orchestrators and contains the definitions for resources like routers, services and middleware. See the dynamic configuration reference for more information.

Infrastructure Components

In the documentation, infrastructure components refer to third-party tools like orchestrators (such as Kubernetes) and key-value stores (such as etcd).

Ingress Proxy

Ingress proxies are Traefik Enterprise instances with components that are responsible for handling the routing of incoming requests. Their components are configured by the controller components.

Note

In IT this is often described as the data plane. You can find more about this concept on Wikipedia or by reading RFC3746.

Proxy

See Ingress Proxy and Service Mesh Proxy.

Quorum

In Traefik Enterprise, the quorum is the minimum number of controllers of a cluster that must be up in order for the cluster to be healthy, as specified by the Raft algorithm. For more information on the number of controllers your cluster should have, take a look at this section of the documentation.

Service Mesh

A dedicated infrastructure layer that manages and directs communication between microservices. In Traefik Enterprise, the service mesh is composed of a set of service mesh proxies deployed as pods on nodes of a Kubernetes cluster. Examples of functions provided by a service mesh proxy inclue authentication, rate limiting, traffic splitting, and implementing the circuit breaker pattern. Traefik Enterprise's service mesh implements the Service Mesh Interface (SMI) specification.

Service Mesh Proxy

An agent running as a pod on a node of a Kubernetes cluster that enables communication between services. In Traefik Enterprise, service mesh proxies are non-invasive and are deployed as a DaemonSet, rather than via sidecar containers. For configuration information, consult the relevant documentation.

Static Configuration

Static configuration is applied to controllers and proxies and contains information such as the providers and entry points. Traefik Enterprise uses the same static configuration as Traefik with a few additions, such as Authentication Sources.