mvk/src/content/docs/guides/local-vagrant-cluster-ingress.md

---
title: Traefik ingress
description: A guide to adding ingress.
---

## Prerequisites

This section follows on from [Add Longhorn Storage](/guides/local-vagrant-cluster-storage/). Be sure to complete that before commencing with this.

if not already shelled into the workstation, from `/home/user/projects/infctl-cli` we need to change directory to

```bash
cd vagrant/dev/ubuntu/
```
so we can ssh to the workstation

```bash
vagrant ssh workstation
```

## Familiarise yourself with …

* [install_metallb.sh](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/scripts/install_metallb.sh) applies a kubernetes manifest to install metallb and then applies an `IPAddressPool` and `L2Advertisement` which will be used later by `traefik` to access a loadbalancer in order to expose services so that we can access them from outside of kubernetes. This is a key part of MVK and one which does not exist in Kubernetes as this is typically expected to be provided by a managed kubernetes cloud service.
* [install_traefik.sh](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/scripts/install_traefik.sh) sets up some custom variables to enable an internal dashboard, ports for ingress, log level and loadbalancer.

## Run the pipelines …

The [metallb pipeline](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/pipelines/vagrant-metallb.json) can be run with :


```bash
LOG_FORMAT=basic infctl -f pipelines/vagrant-metallb.json
```

traefik ingress can be installed with 

```bash
LOG_FORMAT=basic infctl -f pipelines/vagrant-ingress.json
```

## Smoke test ingress

If all has gone well, we should now be able to get the service for `traefik` and see an external IP address and type of `LoadBalancer` :

```bash
kubectl -n traefik get svc
NAME      TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE
traefik   LoadBalancer   10.43.5.252   192.168.56.230   80:32066/TCP,443:32410/TCP   16s
```

Here the address of `192.168.56.230` is available to use to ingress route our services, pods and Kubernetes hosted apps on both plain text port 89 and over TLS https on port 443.

We will be able next to assign a certificate to this 2nd port such that `traefik` will be able to serve URL's on that port to our pods and apps. 

Initially this will use a self signed certificate but we will be able to crate our own CA and have a secure connection without browser warnings on our local, vagrant mks cluster environment.
Add guides for Longhorn storage and Traefik ingress; update local Vagrant cluster documentation 2025-08-24 18:20:33 +01:00			`---`
			`title: Traefik ingress`
			`description: A guide to adding ingress.`
			`---`

Update local Vagrant cluster guides with prerequisites and installation instructions for Traefik and Longhorn 2025-08-25 15:13:37 +01:00			`## Prerequisites`

Add guides for Longhorn storage and Traefik ingress; update local Vagrant cluster documentation 2025-08-24 18:20:33 +01:00			`This section follows on from [Add Longhorn Storage](/guides/local-vagrant-cluster-storage/). Be sure to complete that before commencing with this.`

Update local Vagrant cluster guides with prerequisites and installation instructions for Traefik and Longhorn 2025-08-25 15:13:37 +01:00			if not already shelled into the workstation, from `/home/user/projects/infctl-cli` we need to change directory to

			```bash
			`cd vagrant/dev/ubuntu/`
			```
			`so we can ssh to the workstation`

			```bash
			`vagrant ssh workstation`
			```

			`## Familiarise yourself with …`

			* [install_metallb.sh](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/scripts/install_metallb.sh) applies a kubernetes manifest to install metallb and then applies an `IPAddressPool` and `L2Advertisement` which will be used later by `traefik` to access a loadbalancer in order to expose services so that we can access them from outside of kubernetes. This is a key part of MVK and one which does not exist in Kubernetes as this is typically expected to be provided by a managed kubernetes cloud service.
			`* [install_traefik.sh](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/scripts/install_traefik.sh) sets up some custom variables to enable an internal dashboard, ports for ingress, log level and loadbalancer.`

			`## Run the pipelines …`

			`The [metallb pipeline](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/pipelines/vagrant-metallb.json) can be run with :`
Add guides for Longhorn storage and Traefik ingress; update local Vagrant cluster documentation 2025-08-24 18:20:33 +01:00

			```bash
			`LOG_FORMAT=basic infctl -f pipelines/vagrant-metallb.json`
			```

Update local Vagrant cluster guides with prerequisites and installation instructions for Traefik and Longhorn 2025-08-25 15:13:37 +01:00			`traefik ingress can be installed with`
Add guides for Longhorn storage and Traefik ingress; update local Vagrant cluster documentation 2025-08-24 18:20:33 +01:00
			```bash
			`LOG_FORMAT=basic infctl -f pipelines/vagrant-ingress.json`
Update local Vagrant cluster guides with prerequisites and installation instructions for Traefik and Longhorn 2025-08-25 15:13:37 +01:00			```

			`## Smoke test ingress`

			If all has gone well, we should now be able to get the service for `traefik` and see an external IP address and type of `LoadBalancer` :

			```bash
			`kubectl -n traefik get svc`
			`NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE`
			`traefik LoadBalancer 10.43.5.252 192.168.56.230 80:32066/TCP,443:32410/TCP 16s`
			```

			Here the address of `192.168.56.230` is available to use to ingress route our services, pods and Kubernetes hosted apps on both plain text port 89 and over TLS https on port 443.

			We will be able next to assign a certificate to this 2nd port such that `traefik` will be able to serve URL's on that port to our pods and apps.

			`Initially this will use a self signed certificate but we will be able to crate our own CA and have a secure connection without browser warnings on our local, vagrant mks cluster environment.`