Why Is APISIX Ingress a Better Choice Compared With Traefik?
November 4, 2022
What is Apache APISIX Ingress?
Apache APISIX Ingress is a Kubernetes Ingress controller that uses Apache APISIX as its data plane.
It supports multi-rules configurations:
- Ingress
- APISIX Ingress CRD (custom resource)
- Gateway API
Overall, Apache APISIX Ingress's architecture separates the data and control planes and lets Apache APISIX handle the traffic. Therefore, it improves overall security and significantly avoids attacks against Kubernetes clusters due to the attacks against the data plane.
What is Traefik?
Traefik is an open-source reverse proxy as well as a load balancer developed by Traefik Labs.
It supports multi-rules configurations in Kubernetes:
- Ingress
- Traefik IngressRoute (custom resource)
- Gateway API
Traefik is a unified binary file; thus, its control plane and its data plane's proxy logics are combined together. Therefore, if there are attacks against Traefik or exploitations of remote executive security vulnerabilities, then Kubernetes clusters could also be attacked.
Comparison
In the following sections, we will compare APISIX Ingress with Traefik from the following dimensions.
Supported Protocols
As a traffic gateway, its core capability is to handle proxy traffic correctly. Apache APISIX Ingress, as Kubernetes clusters' Ingress Gateway, mainly handles these two types of traffic:
- traffic between Client and Ingress
- traffic between Ingress and Upstream Service
It shows as follows:
Client <----> Ingress <----> Upstream Service
Nowadays, there are tons of different protocols. Here we list a simple table that compares APISIX Ingress with Traefik regarding protocols.
| Protocol | APISIX Ingress | Traefik |
|---|---|---|
| HTTP/HTTPS | Support | Support |
| HTTP/2 | Support | Support |
| HTTP/3 | Not Support | Support |
| TCP | Support | Support |
| UDP | Support | Support |
| WebSocket | Support | Support |
| Dubbo | Support | Not Support |
Besides that, either APISIX Ingress or Traefik supports protocols through HTTP/2 proxy or TCP proxy such as gRPC, MQTT, etc., so we didn't list them in the above table.
From the protocol perspective, either APISIX Ingress or Traefik has its own strengths. APISIX has a plan to support HTTP/3 in the future.
Extensibility
Extensibility has become a core indicator in technology selection due to diverse business needs. Both Apache Ingress and Traefik support feature extensions in their own ways. Let's introduce them one by one.
Apache APISIX Ingress
APISIX Ingress's feature extension is achieved by implementing custom plugins. Currently, it mainly supports the following three ways to develop plugins:
- Develop plugins via Lua: This way is relatively simple, and it won't have any cost of performance;
- Develop plugins via
--plugin-runner: Under this mode, users could develop plugins by using different coding languages such as JAVA/Python/Go so that they could utilize their current projects' logic without learning a new coding language; - Develop plugins via WASM modules: Under this mode, users could use any coding language that builds out WASM modules to develop plugins;
Furthermore, we could also directly write Lua codes via the serverless plugin to satisfy our business needs rapidly.
Of course, if you have experience in Lua modules developments, you could directly develop Lua modules and load them. However, you need to add the following configuration to make it work:
apisix:
...
extra_lua_path: "/path/to/example/?.lua"
Please refer to Apache APISIX plugin develop doc and How does APISIX Ingress support custom plugins for the detailed Plugin development steps and usages.
Traefik
Traefik also provides plugin mechanisms to extend its features. However, due to Traefik being developed by Go, its plugins must also use Go to develop.
You could refer to your developed plugin by adding the following contents to the Traefik configuration.
experimental:
localPlugins:
example:
moduleName: github.com/traefik/pluginproviderdemo
To be noticed, the plugin name must be the same as the module name.
In general, APISIX Ingress supports multiple extending methods, and users can choose the best method according to the actual situation. Furthermore, it allows users to select their preferred development tools and helps them integrate with their current business lines more conveniently. On the other hand, Traefik could only use Golang to develop.
Ecosystem
While making the technology selection, we will mainly consider the protocol used in the project, the project's ownership, and how we could integrate the controller with our current infrastructure.
| Comparison Aspect | APISIX Ingress | Traefik |
|---|---|---|
| Ownership | Apache Software Foundation(ASF) | Traefik Labs |
| Protocol | Apache 2.0 | MIT |
| Birth Time | June 2019 | August 2015 |
| consul | Support | Support |
| nacos | Support | Not Support |
| Eureka | Support | Not Support |
| etcd | Support | Support |
| zookeeper | Support | Support |
| DNS | Support | Not Support |
The above comparison contains contents from both the control and data planes. Furthermore, these two projects actively work and integrate with other projects in the ecosystem, such as Rancher, KubeSphere, etc.
From this perspective, compared to Traefik, APISIX has a better capability to integrate with basic components.
You could weigh the pros and cons of the basic components you are using while making technology selections.
User Feedback (User Cases)
Horizon robotics migrated from Traefik to Apache APISIX, mainly considering the following aspects:
- The configuration added via Annotation couldn't be reused easily.
- The default behavior of Traefik differs from NGINX, which confuses users during usage.
After Hozion switched to Apache APISIX Ingress, thanks to the rich extensions ecosystem of APISIX Ingress, most requirements could be achieved by the internal plugins. Besides that, users could directly define the configuration of plugins through APISIX Ingress's ApisixRoute resource, which is very straightforward. Furthermore, users could also configure the configuration of the plugin module via ApisixPluginConfig, and it could be referred to in other ApisixRoute resources.
APISIX Ingress has excellent data plane performance and can efficiently handle increasing traffic without a performance bottleneck.
Apart from Horizon, companies like igetcool and gwwisdom also use APISIX Ingress to replace Traefik. Please refer to User Cases for more client use cases.
Furthermore, Apache APISIX has a highly active community, and you can get rapid responses and solutions in the channels like Github, Slack, etc.
Conclusion
This article compares Apache APISIX Ingress with Traefik regards protocols, extensibility, and ecosystem.
Apache Ingress has certain advantages in the fields of extensibility and ecosystem integration. Users could extend the features of APISIX Ingress and integrate with some basic components more efficiently.
We hope this article will give you some hints while choosing your Kubernetes Ingress controller.