Skip to content


This page provides a general overview about the architecture and concepts of Traefik Hub.



Architecture Overview

Ingress Controller

An Ingress Controller is a component in Kubernetes that manages external access to services running within a cluster.

It acts as an entry point or traffic manager for incoming requests from outside the cluster, allowing them to reach the appropriate services based on defined rules and configurations.

Popular implementations include Traefik, NGINX Ingress Controller, and others.


A Kubernetes sidecar container is a secondary container that runs alongside the main application container within a single Kubernetes Pod.

Sidecar containers are deployed within the same Pod as the main application container, which allows them to share the same network namespace and IPC (inter-process communication).

This co-location enables close coordination and communication between the main container and the sidecar container.

Sidecar containers promote modular and extensible architectures, allowing different concerns to be handled independently within the same Pod.

Custom Resources

Traefik Hub uses CRDs (Custom Resource Definitions) to configure and manage APIs, Collections, Gateways and Portals.

For quick and effortless testing, you can use the UI (User Interface) to adjust settings.

Once you are satisfied and validated your changes, add them to the CRD and do a redeployment.

Changes done through the UI will be overwritten the next time you redeploy a CRD.


K8s-native refers to software or tools that are designed specifically to work seamlessly with Kubernetes, the popular container orchestration system.

Kubernetes provides a powerful platform for deploying, scaling, and managing containerized applications.

API management

diagram of API management

Diagram of API management

API Collections

In Traefik Hub, an API collection is a logical grouping of APIs. Collections can be accessed from a common path prefix, listing all APIs of a collection. An API can be part of multiple collections.

API Access Control

The API Access resource defines who can access which API and API Collection.

API Portal

The API Portal is the landing page of one or more published APIs and API Collections. In the Portal, the user can view the OpenAPI specification and can effortlessly interact and try out every single API operation.

API Gateway

In Traefik Hub, an API Gateway is the main entry point to all your APIs. This is where you define the public domains for your APIs and which APIs and API collections you want to expose via an API Access resource.


An account which has access to APIs, API Gateways and API Portals.


User or application that uses an API.


Example service overview in Traefik Hub

Example Service overview in Traefik Hub

A (Kubernetes) Service is a logical abstraction for a deployed group of Pods in a cluster (which all perform the same function).

A Service is a method for exposing a network application that is running as one or more Pods in your cluster.

See the official Kubernetes docs about Services for more information.

External Services

External Services are Services which are running outside a Kubernetes cluster.

This could be legacy applications hosted on VMs (Virtual Machines), on other systems or third party APIs.

Traefik Hub uses the ExternalName Service of Kubernetes to connect to these via DNS.

What's next

  • Follow one of the tutorials to get started with Traefik Hub