Making a Case for Change: Migrating your Kubernetes Ingress Controller to Traefik
Adopting Kubernetes is an iterative process. Teams must make ongoing tradeoffs between exploring Kubernetes capabilities and getting the system up and running. It’s common for many configuration decisions to be completed expeditiously or without much thought, with the intent of revisiting them in the future. Those early or default decisions often have a way of becoming policy, impacting your technology stack and debt for months or years to come.
A case in point is the choice of an ingress controller to route inbound traffic. Operators often adopt solutions that offer a path of least resistance, usually maintained and supported by the Kubernetes project. However, as teams progress in their Kubernetes journeys, switching to a progressive alternative, such as Traefik Proxy, can offer significant advantages.
This article explores how migrating your Kubernetes ingress controller to Traefik can benefit production-ready projects. We’ll also discuss how organizational resistance to change can hinder positive improvement in IT projects and how an internal champion can overcome that resistance.
The inertia of the status quo
Making changes to production IT means expending resources on planning and execution, so it should be no surprise when management or other stakeholders — such as infrastructure operators or DevOps teams — raise objections to an effort like switching Kubernetes ingress controllers. Luckily, many common concerns can be easily assuaged.
“Don’t fix what isn’t broken”
When the status quo seems adequate, making a case for change is hard. The champion for change must address whether the overheads and risks of modifying a functional system are warranted. It’s important to stress that the purview of engineering teams is not limited to fixing what’s broken but also identifying the gains that can be achieved by moving to a better solution.
Avoiding the “shiny object” syndrome
Some engineering projects sell themselves. In other cases, however, management might perceive a proposed change as a mere indulgence. Given the pace of change in the cloud native Kubernetes ecosystem, where many early-stage projects never seem to fully mature, stakeholders can be naturally wary of investing in new technologies.
And yet, while your production Kubernetes ingress controller is nothing to tinker with, it’s also not a component to take for granted. Adopting Traefik Proxy for this role can convey immediate and significant benefits.
Beyond Kubernetes, Traefik Proxy has an established pedigree for Layer 4 and Layer 7 routing and load balancing in multiple environments, including Docker, VMs, public clouds, and even bare metal. Additionally, enterprise-grade features and support are available through the commercial Traefik Enterprise offering.
Is it time to switch ingress controllers?
As modern IT moves toward Kubernetes, the choice of ingress controller becomes increasingly important. Microservices architectures, in particular, rely heavily on networking to link their components. In these environments, the limitations of an entry-level ingress controller can quickly become apparent.
One option is to choose an ingress system offered by a managed cloud service provider. Yet the risk of vendor lock-in may make this option untenable for many organizations. Traefik Proxy, on the other hand, offers a sophisticated ingress controller that is open source and supported by a thriving ecosystem of developers, which allows adopters to avoid the pitfalls of proprietary alternatives. Traefik Enterprise is built upon the open source Traefik Proxy and offers advanced features for demanding production-ready environments.
Simplified configuration and management
As an organization’s needs progress beyond the basics, understanding how to configure an ingress controller can be difficult.
What makes Traefik Proxy special, besides its numerous features, is that it automatically discovers routing configurations for your services. Traefik Proxy inspects your infrastructure, finds relevant information, and creates router matchers for your requests. In Traefik Proxy, each instance is its own master, meaning they all query the provider (Kubernetes API) for configuration updates.
For more demanding production-ready applications, Traefik Enterprise offers a distributed solution: it installs a control plane and a set of ingress proxy pods within a Kubernetes cluster. Thanks to the magic of Traefik’s unique providers and the Traefik Enterprise synchronization ability, only the controllers query the Kubernetes API server and then propagate that information to the proxies, which can then forward requests to services running as pods in the cluster. It’s practically hands-free.
Other features include built-in support for Let’s Encrypt for automated certificate management; automated traffic splitting based on custom weight definitions; automatic rate limiting; easy, no-code authentication; and more. All of these capabilities help save teams time and angst.
Uptime and Reliability
Most ingress controllers have their roots in traditional routing and load balancing. Software designed for traditional web architectures is not always well-suited for cloud-native applications, where microservice instances can be frequently created, scaled, and destroyed. For example, with some ingress controllers, a change to a Kubernetes ingress object may trigger the ingress controller to rebuild the entire configuration, necessitating a restart. In some cases, the auto-generated configuration can introduce errors that require manual intervention.
Traefik, on the other hand, was born of the cloud native era. From its inception, it was designed to avoid service outages due to reconfiguration and restarts, and this includes when it is deployed as a Kubernetes ingress controller. The service detects the environment and rebuilds its configuration dynamically, which means it is less prone to difficult-to-diagnose but significantly impactful failure modes, thereby improving uptimes and reducing operational burdens for engineers.
Monitoring
Traefik offers rich support for built-in observability features and makes it easy to connect to external tools for practices such as log analysis, monitoring of key metrics, and application request tracing.
Among the tools with which Traefik can integrate are Datadog, the Elastic Stack, Jaeger, Prometheus, Zipkin, and more. This broad compatibility helps reassure operations teams that their requirements for monitoring Kubernetes can be realized while maintaining compatibility with existing investments.
Custom plugins
One of Traefik’s most popular features is the ability to add custom plugins. Traefik can load and use plugins that act as either middleware or provider, and they are a powerful feature for extending Traefik’s already impressive capabilities. The Traefik plugin system provides the extensibility and flexibility to cover use cases not provided out-of-the-box — a great asset for an ingress controller.
Plugins are written in Go and are executed on the fly by Yaegi, an embedded Go interpreter in Traefik Proxy. Source code for each plugin is hosted in a public GitHub repository, and the catalog is updated automatically when a new plugin is published on GitHub. All plugins are available in the Plugin Catalog, which is directly accessible from the Traefik dashboard and the Traefik Labs homepage. Read this article to learn more about plugins for Traefik and the Plugin Catalog.
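To make the middleware plugin shape concrete, here is an added example (not code from this article or from Traefik Labs) of the entry points a middleware plugin exposes: a `Config` type, `CreateConfig`, and `New`. The HTTP method allow-list policy, the `allowedMethods` field, and the `statusFor` helper are assumptions of this example.

```go
// Added example, not Traefik's code; a real plugin uses its own package name, not main.
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Config is populated by Traefik from the middleware's dynamic configuration.
type Config struct {
	AllowedMethods []string `json:"allowedMethods,omitempty"`
}

// CreateConfig returns the defaults; this method list is an assumption of the example.
func CreateConfig() *Config {
	return &Config{AllowedMethods: []string{http.MethodGet, http.MethodHead}}
}

// New is the constructor called for each configured middleware instance.
func New(_ context.Context, next http.Handler, cfg *Config, name string) (http.Handler, error) {
	if cfg == nil || len(cfg.AllowedMethods) == 0 {
		return nil, fmt.Errorf("%s: allowedMethods must not be empty", name) // fail closed
	}
	allowed := map[string]bool{}
	for _, m := range cfg.AllowedMethods {
		allowed[m] = true
	}
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		if !allowed[req.Method] {
			http.Error(rw, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		next.ServeHTTP(rw, req) // permitted methods reach the backend unchanged
	}), nil
}

// statusFor sends one constructed request through the plugin in front of a stub backend.
func statusFor(method string) int {
	backend := http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.WriteHeader(http.StatusOK) })
	h, _ := New(context.Background(), backend, CreateConfig(), "method-filter")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, "http://example.test/", nil))
	return rec.Code
}

func main() { fmt.Println(statusFor("GET"), statusFor("DELETE")) }
```

Because plugin source is pulled from a public repository and interpreted inside the proxy, review it with the same care as any other dependency in the request path.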
Summary
As with any advanced infrastructure technology, adopting Kubernetes is a continual process that evolves as a team’s understanding of its own requirements and system capabilities improves. Networking is not always front-of-mind when building out a Kubernetes deployment. Still, the ingress controller is one of the most important components of any application environment built on Kubernetes as it defines and manages ingress traffic.
Traefik offers multiple advantages over other widely available ingress controllers. Yet the decision to switch to Traefik may meet resistance within the organization, owing to the perceived risk, effort, and expense associated with such a move. Understanding Traefik’s features and benefits is key to championing its use despite internal opposition.
To learn more about using Traefik as a Kubernetes ingress controller, read our white paper that explores some of the issues you’ll face and how Traefik helps address them.