What's new in Traefik Hub?
December 2024
What’s New
New Feature : Secure, govern, and observe AI endpoints like APIs
We are excited to announce the new AI gateway feature which allows you to manage and integrate multiple Large Language Model (LLM) providers.
To get started, check out our AI Gateway documentation to learn how to enable & start using it.
New Feature : Managed Subscriptions (API Management)
Introducing managed subscriptions, a powerful way to manage subscriptions between applications and your APIs or API Bundles. With ManagedSubscription
, you get the following benefits:
- Application-level control: With managed subscriptions, you can specify applications that will consume APIs via an application identifier (
appId
). This allows you to manage API consumption at the application level rather than the user level. - Control access: Define which applications can access specific APIs or API Bundles.
- Enforce API plans: Apply API Plans to subscriptions to enforce rate limits, quotas, and other policies.
- Claims-based authorization: Use expressions to validate claims in authentication tokens (e.g., JWTs) for fine-grained access control.
For more details, refer to the Managed Subscriptions documentation.
New Feature : APICatalogItem (API Management)
We are excited to announce the addition of the APICatalogItem
Custom Resource Definition (CRD) in Traefik Hub API Management.
APICatalogItem
is a resource in Traefik Hub that defines which APIs are visible to users in the Developer Portal. It allows API managers to control the visibility of APIs and API Bundles to specific user groups, ensuring that API consumers only see the APIs they are authorized to access.
Key Features of APICatalogItem
:
- Specify which APIs or API Bundles are displayed to specific user groups.
- Control the visibility of specific operations within APIs.
For more details, refer to the APICatalogItem documentation.
For existing Traefik Hub Kubernetes deployments, you need to upgrade your cluster to use at least v33.1.0 of the Traefik Helm chart that introduces the AIService
, ManagedSubscription
& APICatalogItem
CRDs, please see upgrading instructions for more information.
Breaking Change : Deprecation of APIAccess
resource (API Management)
As part of our efforts to simplify and enhance the API management experience, we are deprecating the APIAccess
CRD. The functionalities provided by APIAccess
are now encompassed by the new ManagedSubscription
& APICatalogItem
CRDs, offering more visibilty, flexibility and control over API access management.
We recommend transitioning from APIAccess
to ManagedSubscription
& APICatalogItem
to take advantage of the new features and improvements.
Bug Fixes
- We fixed the CVE-2024-52003 vulnerability in Traefik Hub v3.8.0.
- We fixed the CVE-2024-45410 vulnerability in Traefik Hub v3.8.1.
November 2024
What's New
Support for Managing APIs with HTTPRoute
in API Management
Traefik Hub API Management now supports using HTTPRoute to manage APIs.
For more information, check out our Kubernetes Gateway API glossary page & API resource documentation.
Ocotober 2024
What's New
Support for Consul Catalog Enterprise
We are excited to announce that Traefik Hub API Gateway now supports Consul Catalog Enterprise as a part of our providers.
To get started, check out our Consul Catalog Enterprise documentation to learn how to enable & configure it.
September 2024
What's New
New Feature: Traffic Debugger
We are excited to announce that Traefik Hub now integrates with Treblle as the Traffic Debugger, enhancing your API observability experience across both API Management and Gateway features.
What does this mean for you?
- Real-Time API Monitoring: Gain immediate insights into your API traffic, helping you identify and address issues as they happen.
- Request and Response Debugging: The Traffic Debugger provides detailed insights into individual API calls, allowing you to troubleshoot and resolve problems efficiently.
- Error Tracking and Performance Metrics: Monitor error rates, response times, and other critical metrics to optimize your APIs.
Why is this important?
With the Treblle integration, you can improve the reliability and performance of your APIs, leading to better user experiences and increased confidence in your API infrastructure.
To get started, check out our Treblle integration guide to learn how to enable this feature and start enhancing your API observability.
New Feature: API Plans (API Management)
Introducing API Plans, a comprehensive solution for API governance that centralizes the management of rate limits and quotas. API Plans replace the previous APIRateLimit
feature, providing a more structured and policy-driven approach to controlling API consumption. This ensures fair and efficient resource distribution among your API consumers.
Key Features
- Centralized Policy Management: Consolidate rate limiting and quota enforcement into a single resource, making it easier to maintain and update policies.
- Streamlined Access Control: Simplify the association between user groups and APIs through well-defined plans, enhancing access management efficiency.
- Consistent Governance: Apply standardized API Plans across all APIs to ensure uniform governance and reduce the risk of misconfigurations.
Breaking Change
With the introduction of API Plans, the older APIRateLimit
feature is removed. Users are encouraged to transition to API Plans to take advantage of the enhanced governance and management capabilities.
Prerequisites
For creating Plans other than unlimited, ensure that Redis is deployed and configured in your cluster and Traefik deployment to utilize the APIPlan
feature. For detailed installation and configuration steps, follow the API Plan documentation.
New Feature: API Bundle (API Management)
We are thrilled to introduce API Bundles, a new feature designed to streamline the management of your APIs. API Bundles allow you to group multiple APIs into a single, cohesive entity, enhancing efficiency and governance.
Key Benefits
- Unified Management: Group one or more APIs under a single API Bundle, simplifying reference and access across your infrastructure.
- Centralized Policy Enforcement: Apply API Plans directly to API Bundles, enabling consistent rate limits and quotas across all included APIs.
- Flexible Inclusion Methods: Add APIs to a bundle by explicitly naming them or using Kubernetes-native label selectors for dynamic and scalable management.
To get started with creating API Bundles, refer to our API Bundle Documentation.
July 2024
What's New
- Native Coraza WAF integration: Secure APIs with the Coraza Web Application Firewall (endorsed by OWASP). The native WAF integration in Traefik Hub provides more than 23x performance improvement over Traefik Proxy's WASM-based WAF plugin.
- Distributed ACME on all platforms using Vault: Simplify certificate management and ensure that certificates are always up-to-date by automatically obtaining and renewing TLS certificates with ACME from Certificate Authorities like Let's Encrypt. The Hub-exclusive distributed ACME is more efficient for large-scale or high-availability setups, as it reduces duplication and ensures consistency across all Gateway instances by leveraging HashiCorp Vault as shared secure certificate storage. Now available for all supported installation platforms.
- Vault Public Key Infrastructure: Create your own private certificate authority (CA) with the HashiCorp Vault PKI secret engine to issue, manage, and revoke digital certificates. Combine it with the gateway's ACME resolvers for automated certificate management, even in a distributed way.
- LDAP middleware: Secure your APIs by delegating the authentication to an external LDAP server with the LDAP middleware.
- OPA middleware: The Open Policy Agent middleware restricts access to your APIs and allows you to enrich request headers with data extracted from policies.
- Cache middleware: Add cache middleware to your routers and improve the performance of your infrastructure by reducing latency, network traffic, and the time needed to interact with an API.
- FIPS-compliant Docker image: Traefik Hub is now compliant with FIPS 140-2, a U.S. Federal Government security standard used to approve cryptographic modules.
- Multi-platform install snippets: A newly added platform selector helps you in the new gateway creation wizard to get tailored installation snippets for Kubernetes, Docker Compose, Docker Swarm, HashiCorp Nomad, and Systemd for Linux-based virtual machines, bare-metal hardware or cloud computing instances like AWS EC2.
- The embedded Traefik Proxy version has been updated to bring the latest open-source improvements for Hub.
API Management-exclusive features
- Add any third-party Identity Provider with OIDC: User management has never been easier. Secure your API Developer Portals and API Gateways with any third-party Identity Provider you already have, such as Okta or Azure Entra ID, using enterprise-grade OIDC. Check the documentation about how to configure it on the online Hub dashboard.
- Metrics overview in the online dashboard: The Hub online dashboard gives you an overview of your APIs' overall consumption and health. You can also filter for every API, user, and API Management-enabled gateway. Fine-grained metrics are still available on the gateway with OpenTelemetry.
May 2024
What's New
- Traefik Hub now embeds all Traefik Proxy v3.0 features (compatible with Traefik v2).
- Capacity to install Traefik Hub as a drop-in replacement of Traefik Proxy, with additional Enterprise features such as authentication, authorization, distributed rate limit, and more.
- Traefik Hub provides robust API management capabilities for API publishers and consumers. The features include API versioning, user and fine-grained access management, rate limiting, declarative configuration linting, API developer portals, API observability metrics, and many more.
- Promote any Ingress or IngressRoute to become a managed API. This means one can now attach any built-in gateway middleware or plugins to APIs, unlocking Traefik's entire network power for APIs.
- Extend Traefik Hub with your custom WebAssembly (WASM) plugins.
- Leverage the new Coraza Web Application Firewall, a plugin Traefik Labs supports.
- OpenTelemetry (OTel) metrics are now available on both ingresses and managed APIs.
- Operate API Gateways fully offline without reliance on any SaaS platform.
February 2024
What's New
- We've added a new filtering concept in the APIAccess CRD that enables you to select sets of OpenAPI operations defined on APIs or APIVersions. You can find more information in the API CRD reference.
- All-new API Portal. We've refreshed the API Portal UI to create a better user experience.
- It is now possible to turn off the generation and usage of traefikhub.io domains for your API Gateways and Portals.
- Error logs generated by the Traefik Hub agent are now transmitted to the Traefik Hub platform and stored for 24 hours to assist in resolving support requests quickly. You can turn off sending error logs by adjusting the default configuration.
- We've enhanced the API and the APIVersion CRDs.
Both CRDs support now naming of the API Service port
service.port.name
.
December 2023
What's New
- You can now publish APIs without an OpenAPI specification.
- We've published a complete Traefik Hub GitOps demo. Follow the tutorial to learn how to deploy and manage APIs on a local Kubernetes cluster with Flux.
- We've updated the dashboard to make it more effortless for you to get an overview about configured access policies and rate limits. This information is now displayed in the API details page, as in the user and groups details pages.
November 2023
What's New
- Traefik Hub now has a direct integration with Okta.
- Starting today, you're able to use JWT to secure access to APIs.
- We've added support for distributed rate limiting.
- We've enhanced our OpenTelemetry metrics by adding support for API versions.
- The dashboard now shows a warning sign when a Traefik Hub agent faces a connectivity issue.
- We've released a new version of the Traefik Hub agent
v2.4.2
and of the Helm chartv2.5.1
v2.5.1 Changelog. Please upgrade the Traefik Hub agent to enjoy the latest enhancements. Depending on your set-up, please follow the detailed documentation about upgrading the Ingress Controller or the Sidecar Mode installation.
October 2023
What's New
- In this release, we've added OpenTelemetry support to Traefik Hub.
- We've added support for adjusting CORS and API header policies through CRDs and via the dashboard.
- You can now manage workspace roles through the dashboard.
Security
- ⚠️ The Traefik Hub agent
v2.3.0
and Helm chartv.2.3.0
(v2.3.0 Changelog) releases are fixing CVE-2023-44487 in the Traefik Hub agent.
September 2023
What's New
- You can use Keycloak for Single Sign-On (SSO) or as an identity broker for Traefik Hub.
- We enhanced workspace management. You can now assign roles to workspace members.
Every role,
Viewer
,Editor
andAdmin
has a different set of permissions. - Traefik Hub now supports CORS (Cross-Origin Resource Sharing) configuration via CRDs.
August 2023
What's New
- We've added support for API versioning through CRDs and via the dashboard.
- We've published the Traefik Hub Helm Chart on GitHub.
- We've improved the dashboard to provide a better experience when you select Services. You can now better identify if you use an internal or external (API) Service.
- The dashboard shows now a warning sign when the user's initial password reset has not been performed yet.
- We've released a new version of the Traefik Hub Helm chart with an update of the Traefik Hub agent. Please find the changelog for
v2.2.0
on GitHub. Please upgrade to versionv2.2.0
to enjoy the latest enhancements. Depending on your set-up, please follow the detailed documentation about upgrading the Ingress Controller or the Sidecar Mode installation.
Bug Fixes
- We've fixed a couple of tiny bugs in the user interface (dashboard).
July 2023
What's New
- The Traefik Hub agent supports now two different installation methods, the Ingress Controller mode and the Sidecar Mode.
- We've added Emissary (formerly Ambassador, an Envoy-based) Ingress support with Sidecar Mode.
- We've improved API management, you can now select APIs by name and by Labels. You can combine names and Labels to filter your selections even more.
- We've added support for rate limiting to the dashboard.
- We've added support for Swagger v2.
Bug Fixes
- We've fixed a couple of descriptions in the dashboard.
June 2023
What's New
- You can now manage external APIs, hosted outside your Kubernetes cluster, for example on Virtual Machines (VMs) or third party APIs.
- Starting today, you're able to use rate limiting for APIs.
- We strengthened security. The Traefik Hub token is now provided as a Secret during installation.
- If you deal with large clusters, we made your life easier with filtering Services by namespace in the dashboard, to quickly find what you look for.
- The dashboard provide more guidance, with clear indications of which fields are required and more descriptions.
- We've updated the dashboard to put key information right at your fingertips: information on APIs and API Collections, the API Developer Portal and Users.
Corresponding screens have been updated for better clarity. - We’ve improved the API Developer Portal responsiveness by adding HTTP cache control headers.
- For you to more quickly see how to perform given tasks, we've restructured the documentation, added more tutorials and improved the content overall.
- Based on your feedback, we've tinkered with the internal workings and polished some rough edges.
Bug Fixes
- If your session has expired, you will now be redirected to the login screen.
- We've fixed a couple of bugs in the dashboard related to pop-ups, selecting Services, user groups and error pages.
- We've fixed a bug related to TLS termination.
- There were a few little bugs that caused performances issues, like bugs do. We fixed those, and we’ll fix the next ones too.
May 2023
What's New
- We've changed the architecture, Hub now supports only K8s, the Agent uses a sidecar, and it is compatible with any Ingress Controller.
- We've added a new ACP (Access Control Policy) for API Keys.
- We've added a new OAuth Introspection ACP.
- Starting today, you're able to use CRDs for APIs, API Collections, API Accesses, API Gateways, and API Portal objects.
- API consumption is now protected by tokens.
- We've added API Management, now you can use Hub as a platform for managing, routing, monitoring, and securing APIs.
- You can use Traefik Hub as IdP (Identity Provider).
- We've replaced freemium tiers with a new trial mechanism.
- User deletion is now fully GDPR-compliant, no user data is retained.
- Traefik Hub supports now team collaboration with workspaces.
- Traefik Hub is now compatible with Traefik's IngressRoute.
- We've added support for wildcard domains.
- We've added the functionality to expose Prometheus compatible metrics from the Traefik Hub agent.
- Hub errors are now leveraging K8s events.
- We restructured and updated the documentation.
- We adjusted the Service page in the dashboard, port numbers are now visible when they exceed more than 3 characters.
Bug Fixes
- We fixed an issue that prevented some ACPs to be deleted.
- We improved the process of certificate renewals.
- We solved an issue with custom domain validation.