Traefik 2.2: Smarter Edge Gateways for Kubernetes
K8s Guru
2 min read
Table of Contents
Introduction
Traefik 2.2, released on April 21, 2020, evolves the Kubernetes edge controller into a smart gateway with middleware chains for TCP, service mesh interoperability, and a new Traefik Pilot control plane.
TCP Middleware & Advanced Routing
- Apply authentication, rate limiting, and IP whitelisting to TCP routes using the same CRD syntax as HTTP.
- SNI-based routing supports database or MQTT traffic without terminating TLS.
- Canary and mirroring logic now spans both HTTP and TCP, enabling gradual rollouts for stateful protocols.
Consul Connect & Service Mesh Integration
- Traefik acts as an ingress/egress proxy for Consul Connect, bridging Kubernetes workloads and VM services.
- Native support for mTLS certificates issued by Consul’s CA simplifies zero-trust adoption.
- CRDs map Connect services to Traefik services automatically, reducing duplication.
Traefik Pilot
- Cloud-based dashboard monitors Traefik instances, surfacing configuration drift, CVEs, and certificate expiration warnings.
- Plugin hub distributes WASM and middleware plugins that can be activated via Pilot.
- Optional anonymized telemetry feeds best practice recommendations back to operators.
Getting Started
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.2/docs/content/reference/dynamic-configuration/kubernetes-crd.yaml
Define a TCP middleware:
apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP
metadata:
name: postgres-auth
spec:
ipWhiteList:
sourceRange:
- 10.0.0.0/16
Summary
| Aspect | Details |
|---|---|
| Release Date | April 21, 2020 |
| Headline Features | TCP middlewares, Consul Connect integration, Traefik Pilot |
| Why it Matters | Extends Traefik from ingress controller to intelligent, protocol-aware edge gateway |
Traefik 2.2 helps platform teams secure and observe traffic of all shapes while leaning on Kubernetes-native CRDs.