Skip to content


This page provides a general overview about the architecture and concepts of Traefik Hub.



Architecture Overview

Ingress Controller

An Ingress Controller is a component in Kubernetes that manages external access to services running within a cluster.

It acts as an entry point or traffic manager for incoming requests from outside the cluster, allowing them to reach the appropriate services based on defined rules and configurations.

Popular implementations include Traefik, NGINX Ingress Controller, and others.


A Kubernetes sidecar container is a secondary container that runs alongside the main application container within a single Kubernetes Pod.

Sidecar containers are deployed within the same Pod as the main application container, which allows them to share the same network namespace and IPC (inter-process communication).

This co-location enables close coordination and communication between the main container and the sidecar container.

Sidecar containers promote modular and extensible architectures, allowing different concerns to be handled independently within the same Pod.


K8s-native refers to software or tools that are designed specifically to work seamlessly with Kubernetes, the popular container orchestration system.

Kubernetes provides a powerful platform for deploying, scaling, and managing containerized applications.

Tools and software that are K8s-native are specifically designed to work within the Kubernetes ecosystem, leveraging its APIs and management model to streamline development, deployment, and management of containerized applications.

Examples of K8s-native tools include Helm charts, operators, and Kubernetes-native CI/CD pipelines. These tools provide a more streamlined and integrated experience for developers and operators working within the Kubernetes ecosystem.

API management

diagram of API management

Diagram of API management

API Collections

In Traefik Hub, an API collection is a logical grouping of APIs. Collections can be accessed from a common path prefix, listing all APIs of a collection. An API can be part of multiple collections.

API Access Control

The API Access resource defines who can access which API and API Collection.

API Portal

The API Portal is the landing page of one or more published APIs and API Collections. In the Portal, the user can view the OpenAPI specification and can effortlessly interact and try out every single API operation.

API Gateway

In Traefik Hub, an API Gateway is the main entry point to all your APIs. This is where you define the public domains for your APIs and which APIs and API collections you want to expose via an API Access resource.


An account which has access to APIs, API Gateways and API Portals.


User or application that uses an API.


Example service overview in Traefik Hub

Example Service overview in Traefik Hub

A (Kubernetes) Service is a logical abstraction for a deployed group of Pods in a cluster (which all perform the same function).

A Service is a method for exposing a network application that is running as one or more Pods in your cluster.

See the official Kubernetes docs about Services for more information.

What's next

  • Follow one of the tutorials to get started with Traefik Hub