Oathkeeper vs Traefik for TLS / load balancing

I was using Traefik just as a TLS proxy and for load balancing. Does it make sense for me to just get rid of Traefik and use Oathkeeper for this instead? Is it relatively common to see people completely replace something like Traefik with Oathkeeper?

Aren’t they totally different?

ORY Oathkeeper is a BeyondCorp/Zero Trust Identity & Access Proxy (IAP) with configurable authentication, authorization, and request mutation rules for your web services: Authenticate JWT, Access Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the request; Encode resulting content into custom headers (X-User-ID), JSON Web Tokens and more!

You gain lots more. It’s common to have an API gateway or LB in front of this I think.

Aren’t they totally different?

No, there is some overlap. Both are reverse proxies, both can do TLS termination, handle routing and load balancing, as well as auth.

You can also manipulate headers in Traefik.

I’m not an expert in either one, but from what I’ve seen from using both so far, it looks like Traefik is just for edge routing while Oathkeeper can do edge routing as well as service-to-service routing.

Oathkeeper is obviously also far more robust in terms of auth / security stuff since that’s its focus. But I am asking more if there is any good reason to keep Traefik just for TLS termination and load balancing if Oathkeeper does that too.

I could be wrong, but after learning more about it I think the answer is it should be fine to not use Traefik and just use Oathkeeper for both.