Autoscaling Traefik Hub API Gateway

Autoscaling the Traefik Hub Gateway allows your API Gateway to dynamically adjust its capacity based on traffic load. This guide covers how to enable and configure autoscaling using Kubernetes Horizontal Pod Autoscalers (HPA) to maintain optimal performance and resource efficiency.

Traefik Hub Gateway is typically CPU-bound, making autoscaling critical for maintaining performance during traffic spikes. When autoscaling is enabled, the HPA automatically adjusts the number of replicas based on CPU utilization, removing the need for manual intervention and ensuring that your deployment scales dynamically in response to demand.

Prerequisites

Before enabling autoscaling, verify that you have the following in place:

• Kubernetes Metrics Server: HPA relies on the Metrics Server to obtain resource usage metrics. Ensure it is installed and properly configured in your cluster.
• Resource Requests & Limits: Define appropriate CPU and memory requests and limits for your Gateway pods. These settings are necessary for the HPA to make accurate scaling decisions.

Enabling Autoscaling

You can set autoscaling settings for Traefik Hub API Gateway in your Helm values file. Below is an example configuration that enables autoscaling and sets the resource requirements:

Helm Values

deployment:
  replicas: null   # Set to null to let HPA manage the replica count
resources:
  requests:
    cpu: "100m"
    memory: "50Mi"
  limits:
    cpu: "300m"
    memory: "150Mi"
autoscaling:
  enabled: true
  maxReplicas: 2
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 80

Deployment Information

kubectl describe deployments traefik -n traefik

Name:                   traefik
Namespace:              traefik
CreationTimestamp:      Fri, 21 Mar 2025 14:15:35 +0000
Labels:                 app.kubernetes.io/instance=traefik-traefik
                        app.kubernetes.io/managed-by=Helm
                        app.kubernetes.io/name=traefik
                        helm.sh/chart=traefik-34.4.0
Annotations:            deployment.kubernetes.io/revision: 1
                        meta.helm.sh/release-name: traefik
                        meta.helm.sh/release-namespace: traefik
Selector:               app.kubernetes.io/instance=traefik-traefik,app.kubernetes.io/name=traefik
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  0 max unavailable, 1 max surge
Pod Template:
  Labels:           app.kubernetes.io/instance=traefik-traefik
                    app.kubernetes.io/managed-by=Helm
                    app.kubernetes.io/name=traefik
                    helm.sh/chart=traefik-34.4.0
  Annotations:      prometheus.io/path: /metrics
                    prometheus.io/port: 9100
                    prometheus.io/scrape: true
  Service Account:  traefik
  Containers:
   traefik:
    Image:       ghcr.io/traefik/traefik-hub:v3.14.1
    Ports:       9100/TCP, 8080/TCP, 8000/TCP, 8443/TCP, 9943/TCP
    Host Ports:  0/TCP, 0/TCP, 0/TCP, 0/TCP, 0/TCP
    Args:
      --global.checknewversion
      --global.sendanonymoususage
      --entryPoints.metrics.address=:9100/tcp
      --entryPoints.traefik.address=:8080/tcp
      --entryPoints.web.address=:8000/tcp
      --entryPoints.websecure.address=:8443/tcp
      --api.dashboard=true
      --ping=true
      --metrics.prometheus=true
      --metrics.prometheus.entrypoint=metrics
      --providers.kubernetescrd
      --providers.kubernetescrd.allowEmptyServices=true
      --providers.kubernetesingress
      --providers.kubernetesingress.allowEmptyServices=true
      --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik
      --entryPoints.websecure.http.tls=true
      --log.level=INFO
      --hub.token=$(HUB_TOKEN)
    Limits:
      cpu:     300m
      memory:  150Mi
    Requests:
      cpu:      100m
      memory:   50Mi
    Liveness:   http-get http://:8080/ping delay=2s timeout=2s period=10s #success=1 #failure=3
    Readiness:  http-get http://:8080/ping delay=2s timeout=2s period=10s #success=1 #failure=1
    Environment:
      POD_NAME:        (v1:metadata.name)
      POD_NAMESPACE:   (v1:metadata.namespace)
      GOMAXPROCS:     1 (limits.cpu)
      GOMEMLIMIT:     157286400 (limits.memory)
      HUB_TOKEN:      <set to the key 'token' in secret 'traefik-hub-license'>  Optional: false
    Mounts:
      /data from data (rw)
      /tmp from tmp (rw)
  Volumes:
   data:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
   tmp:
    Type:          EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:     <unset>
  Node-Selectors:  <none>
  Tolerations:     <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   traefik-6db6d5bb5b (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  36s   deployment-controller  Scaled up replica set traefik-6db6d5bb5b to 1

HPA Information

Setting the autoscaling values via Helm will automatically create a HPA resource in the cluster

kubectl get hpa -n traefik

NAME      REFERENCE            TARGETS       MINPODS   MAXPODS   REPLICAS   AGE
traefik   Deployment/traefik   cpu: 1%/80%   1         2         1          82s

info

• deployment.replicas: null : When autoscaling is enabled, do not manually set the number of replicas. The HPA will dynamically adjust the replica count based on CPU utilization. If you want to manually set the replicas, see the manual scaling page.

• Resource Settings: Defining resource requests and limits ensures that the HPA has accurate data to trigger scaling events. The example values on this page are purely for demonstration purposes. Do not forget to adjust these values according to your needs.

Pod Disruption Budget

Maintaining high availability during updates, scaling events, or maintenance is critical for any tool handling Ingress. Traefik Hub supports Kubernetes PodDisruptionBudget (PDB) out of the box. PDBs ensure that a minimum number of pods remain available during voluntary disruptions, which is particularly important when using HPA.

By enabling a PDB, you prevent excessive pod evictions during autoscaling events, helping to maintain uninterrupted traffic routing. For production environments, we strongly recommend enabling a PDB in your deployment.

You can do this with the following Helm values:

Helm Values

podDisruptionBudget:
  enabled: true
  minAvailable: 1

PDB Information

Setting the PDB values via Helm will automatically create a PDB resource in the cluster

kubectl get pdb -n traefik

NAME      MIN AVAILABLE   MAX UNAVAILABLE   ALLOWED DISRUPTIONS   AGE
traefik   1               N/A               0                     71s

This configuration guarantees that at least one pod remains active during disruptions, reducing downtime and ensuring that your API gateway remains responsive.

Conclusion

By leveraging autoscaling, Traefik Hub Gateway can dynamically adjust its capacity based on real-time CPU utilization. Coupled with a properly configured PodDisruptionBudget, this approach minimizes downtime during scaling and maintenance, ensuring a resilient and responsive API gateway.

For additional details on Kubernetes autoscaling, please refer to the Kubernetes HPA documentation.