Why Is APISIX Ingress Controller a Better Choice Compared with Traefik?

Jintao Zhang

Jintao Zhang

November 4, 2022

Products

What is Apache APISIX Ingress Controller?

Apache APISIX Ingress Controller is a Kubernetes Ingress controller that uses Apache APISIX as its data plane.

It supports multi-rules configurations:

  • Ingress
  • APISIX Ingress CRD (custom resource)
  • Gateway API

Overall, Apache APISIX Ingress Controller's architecture separates the data and control planes and lets Apache APISIX handle the traffic. Therefore, it improves overall security and significantly avoids attacks against Kubernetes clusters due to the attacks against the data plane.

APISIX Ingress Controller architecture

What is Traefik?

Traefik is an open-source reverse proxy as well as a load balancer developed by Traefik Labs.

It supports multi-rules configurations in Kubernetes:

  • Ingress
  • Traefik IngressRoute (custom resource)
  • Gateway API

Traefik is a unified binary file; thus, its control plane and its data plane's proxy logics are combined together. Therefore, if there are attacks against Traefik or exploitations of remote executive security vulnerabilities, then Kubernetes clusters could also be attacked.

Traefik architecture

Comparison

In the following sections, we will compare APISIX Ingress Controller with Traefik from the following dimensions.

Supported Protocols

As a traffic gateway, its core capability is to handle proxy traffic correctly. Apache APISIX Ingress Controller, as Kubernetes clusters' Ingress Gateway, mainly handles these two types of traffic:

  • traffic between Client and Ingress
  • traffic between Ingress and Upstream Service

It shows as follows:

Client  <---->  Ingress  <---->  Upstream Service

Nowadays, there are tons of different protocols. Here we list a simple table that compares APISIX Ingress Controller with Traefik regarding protocols.

ProtocolAPISIX Ingress ControllerTraefik
HTTP/HTTPSSupportSupport
HTTP/2SupportSupport
HTTP/3Not SupportSupport
TCPSupportSupport
UDPSupportSupport
WebSocketSupportSupport
DubboSupportNot Support

Besides that, either APISIX Ingress Controller or Traefik supports protocols through HTTP/2 proxy or TCP proxy such as gRPC, MQTT, etc., so we didn't list them in the above table.

From the protocol perspective, either APISIX Ingress Controller or Traefik has its own strengths. APISIX has a plan to support HTTP/3 in the future.

Extensibility

Extensibility has become a core indicator in technology selection due to diverse business needs. Both Apache Ingress and Traefik support feature extensions in their own ways. Let's introduce them one by one.

Apache APISIX Ingress Controller

APISIX Ingress Controller's feature extension is achieved by implementing custom plugins. Currently, it mainly supports the following three ways to develop plugins:

  • Develop plugins via Lua: This way is relatively simple, and it won't have any cost of performance;
  • Develop plugins via --plugin-runner: Under this mode, users could develop plugins by using different coding languages such as JAVA/Python/Go so that they could utilize their current projects' logic without learning a new coding language;
  • Develop plugins via WASM modules: Under this mode, users could use any coding language that builds out WASM modules to develop plugins;

Furthermore, we could also directly write Lua codes via the serverless plugin to satisfy our business needs rapidly.

Of course, if you have experience in Lua modules developments, you could directly develop Lua modules and load them. However, you need to add the following configuration to make it work:

apisix:
    ...
    extra_lua_path: "/path/to/example/?.lua"

Please refer to Apache APISIX plugin develop doc and How does APISIX Ingress Controller support custom plugins for the detailed Plugin development steps and usages.

Traefik

Traefik also provides plugin mechanisms to extend its features. However, due to Traefik being developed by Go, its plugins must also use Go to develop.

You could refer to your developed plugin by adding the following contents to the Traefik configuration.

experimental:
  localPlugins:
    example:
      moduleName: github.com/traefik/pluginproviderdemo

To be noticed, the plugin name must be the same as the module name.

In general, APISIX Ingress Controller supports multiple extending methods, and users can choose the best method according to the actual situation. Furthermore, it allows users to select their preferred development tools and helps them integrate with their current business lines more conveniently. On the other hand, Traefik could only use Golang to develop.

Ecosystem

While making the technology selection, we will mainly consider the protocol used in the project, the project's ownership, and how we could integrate the controller with our current infrastructure.

Comparison AspectAPISIX Ingress ControllerTraefik
OwnershipApache Software Foundation(ASF)Traefik Labs
ProtocolApache 2.0MIT
Birth TimeJune 2019August 2015
consulSupportSupport
nacosSupportNot Support
EurekaSupportNot Support
etcdSupportSupport
zookeeperSupportSupport
DNSSupportNot Support

The above comparison contains contents from both the control and data planes. Furthermore, these two projects actively work and integrate with other projects in the ecosystem, such as Rancher, KubeSphere, etc.

From this perspective, compared to Traefik, APISIX has a better capability to integrate with basic components.

You could weigh the pros and cons of the basic components you are using while making technology selections.

User Feedback (User Cases)

Horizon robotics migrated from Traefik to Apache APISIX, mainly considering the following aspects:

  • The configuration added via Annotation couldn't be reused easily.
  • The default behavior of Traefik differs from NGINX, which confuses users during usage.

After Hozion switched to Apache APISIX Ingress Controller, thanks to the rich extensions ecosystem of APISIX Ingress Controller, most requirements could be achieved by the internal plugins. Besides that, users could directly define the configuration of plugins through APISIX Ingress Controller's ApisixRoute resource, which is very straightforward. Furthermore, users could also configure the configuration of the plugin module via ApisixPluginConfig, and it could be referred to in other ApisixRoute resources.

Horizon Architecture Diagram

APISIX Ingress Controller has excellent data plane performance and can efficiently handle increasing traffic without a performance bottleneck.

Apart from Horizon, companies like igetcool and gwwisdom also use APISIX Ingress Controller to replace Traefik. Please refer to User Cases for more client use cases.

Furthermore, Apache APISIX has a highly active community, and you can get rapid responses and solutions in the channels like Github, Slack, etc.

Conclusion

This article compares Apache APISIX Ingress Controller with Traefik regards protocols, extensibility, and ecosystem.

Apache Ingress has certain advantages in the fields of extensibility and ecosystem integration. Users could extend the features of APISIX Ingress Controller and integrate with some basic components more efficiently.

We hope this article will give you some hints while choosing your Kubernetes Ingress controller.

Tags:
APISIX Ingress ControllerKubernetesTraefikComparison to Competitors