Webinar Q & A: Simplifying Infrastructure and Network Automation with HashiCorp and Traefik

Webinar Q & A: Simplifying Infrastructure and Network Automation with HashiCorp and Traefik.md

Webinar Q & A: Simplifying Infrastructure and Network Automation with HashiCorp and Traefik

• Question: Can you provide Traefik with a Vault token as an environment variable?

  Answer: Not today, but you can use Vault integration on K8s, Nomad or Vault agent to pull from Vault and render the yaml.

• Question: Is host networking required?

  Answer: No.

• Question: Is Traefik Enterprise required to use local TLS certs?

  Answer: No. Traefik Enterprise provides additional TLS management options (like the Vault integrations shown during the webinar and others), but user defined certificates can be used in Traefik Proxy as well. See the Traefik TLS docs for more details.

• Question: Will plugins for Traefik OSS also cover cert resolvers in the future (currently only middleware are covered), so one could write their own cert resolver?

  Answer: Traefik v2.5 introduces support for provider plugins, expanding the plugin framework support beyond custom middleware. Please feel free to open an issue to request further enhancements to plugins.

• Question: Could you briefly describe how Traefik Enterprise is licensed? Whether it's priced by instance/route/throughout etc. or if flat rate. And, is there tiering?

  Answer: Traefik Enterprise is licensed per instance/environment. Tiers are differentiated by options like SLA and redundancy. Please see our pricing page to request more info tailored to your specific use case.

• Question: What algorithms can Traefik use to route traffic between multiple instances of a service running in Nomad? Round-robin, others?

  Answer: Traefik’s default algorithm is round-robin, which can be used through tags on Nomad services using the Consul Catalog provider. Traefik also supports weighted round robin and mirroring services, but these must be configured using the File provider.

• Question: How does Traefik talk to Consul? How does it get a services list?

  Answer: Traefik uses the Consul API to obtain service list and tags from Consul. This communication occurs over HTTP or HTTPS, depending on how you configure it. The Consul address and configuration is defined in the Traefik configuration with the Consul Catalog provider.

• Question: Is connect-native app integration going to stay? The docs list it as "not under active development". What are Traefik's options for the future?

  Answer: There are no current plans to remove Connect Native.

• Question: ​​Anything different to consider/keep-in-mind if Traefik is run as a "raw_exec" job. Also, same question if the workload (whoami) was run as a "raw_exec" type of job.

  Answer: No, it should work as we showed. However please do verify the need to use raw_exec as this provides no isolation. Further, the task is started as the same user as the Nomad process. As such, it should be used with extreme care and is disabled by default.

• Question: I can see the connect service showing up in Traefik, but I’m also getting a bad gateway. Intentions are created - Traefik to dashboard. Did I miss something?

  Answer: Please review the recording as we covered that during the session. Thank you.

• Question: How does Traefik get a service list from Consul? What protocol does it use for service discovery from Consul?

  Answer: Consul maintains a service registry, and Traefik uses the Consul API to obtain service list and tags from Consul. This communication occurs over HTTP or HTTPS, depending on how you configure it.

• Question: Does Traefik support Consul enterprise namespaces?

  Answer: Not yet, but there is a pull request in review.