Announcing Traefik Proxy 2.5

With Kubernetes 1.22 support, Consul Connect integration, Private Plugins, Provider Plugins, HTTP/3, TCP Middleware, and more

We are very happy to announce the general availability of Traefik Proxy 2.5: the latest model of our capable, open source, dynamic, cloud-native edge router, and application proxy. This article offers a high level overview of the changes in Traefik Proxy v2.5.

Kubernetes 1.22 API changes

Kubernetes 1.22 has just been released, and with it are several breaking changes in the core Kubernetes APIs.

Kubernetes v1.22 has dropped support for the old CustomResourceDefiniton API version: Here are the latest Traefik Proxy CRDs, using the updated API: The Traefik Proxy Helm chart also includes this update.

Kubernetes v1.22 has dropped support for the old Ingress API versions extensions/v1beta1 and If you are upgrading to Kubernetes v1.22, and you have this version of Ingress deployed in your cluster, you will need to upgrade to the Ingress version

Traefik v2.5 has also dropped support for the oldest of the Ingress API versions extensions/v1beta1, and now only supports Ingress (Kubernetes v1.14+) and (Kubernetes v1.19+ and new in Traefik v2.5). Please check out the Traefik Proxy migration guide for more details.

Consul Connect

Traefik Proxy v2.5 adds support for Consul Connect, which enables you to use Traefik Proxy as a point of ingress from the outside world, directly into your internal service mesh.

The new Consul Connect command line flags are:

With connectAware turned on, Traefik can communicate directly to Consul Connect protected services, using Mutual TLS certificates, with no sidecar proxy required in the Traefik Pod.

Stay tuned for an upcoming blog post which will present a technical deep dive into Traefik Proxy 2.5 with Consul Connect.

Local Plugins

Plugins can be loaded to add new middleware to Traefik Proxy. Traefik Proxy v2.5 adds support for loading plugins directly from the filesystem.

Put your plugin source code into the /plugins-local directory and enable each plugin in the dynamic config:

Local plugins configuration. (Default: false)

plugin's module name.

Stay tuned for an upcoming blog post which will present how to bundle your own plugins in a container image.

Provider Plugins

Traefik Proxy sources its dynamic configuration from Providers. Configuration becomes automatic, and pulls configuration directly from metadata stored in your container orchestration platform (eg. Docker labels, Kubernetes CRDs, File on disk, etc.) Many such providers are ubiquitous, and are therefore provided as builtin providers. With Traefik Proxy v2.5 comes the ability to create Provider Plugins.

Here is a demo provider plugin. Stay tuned for an upcoming blog post and technical deep dive for provider plugins.

HTTP/3 (experimental)

HTTP/3 has no accepted specification yet, but there is new support for a draft version of HTTP/3 in Traefik Proxy v2.5. You can turn this experimental feature on with these command line flags:

Enable HTTP3. (Default: false)

Enable HTTP3. (Default: false)

More information can be found in the Entrypoint documentation.

TCP Middleware

TCP Middleware has been added in Traefik v2.5, which is analogous to the existing HTTP middleware, but for general TCP packet processing. The documentation has added a new TCP middleware example:

# Example docker label:
 # Filter IP address source ranges:
 - "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=,"

Lots more!

There's lots more than we have the space to talk about here, register for our upcoming online meetup to see all the new features in action. You can also check out the CHANGELOG for more information.

Big thank you to our community

We wish to thank the following community members for helping making commits in Traefik Proxy v2.5: Sylvain Rabot, Florian Apolloner, Mohammad Gufran, Henning, na4ma4, jcuzzi, Wouter Dullaert, Wei Lun, Sune Keller, Rio Kierkels, Richard Kojedzinszky, Luca Berneking, Linden Krouse, Leonardo Araoz, Jorge Arco, Joel Berger, Harold Ozouf, HMH, Gian Ortiz, Dmitry Sharshakov, Cirrith, and Andreas Fitzek.