---
title: Traefik ingress
description: A guide to adding ingress.
---

## Prerequisites

This section follows on from [Add Longhorn Storage](/guides/local-vagrant-cluster-storage/). Be sure to complete that before commencing with this.

if not already shelled into the workstation, from `/home/user/projects/infctl-cli` we need to change directory to

```bash
cd vagrant/dev/ubuntu/
```
so we can ssh to the workstation

```bash
vagrant ssh workstation
```

## Familiarise yourself with …

* [install_metallb.sh](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/scripts/install_metallb.sh) applies a kubernetes manifest to install metallb and then applies an `IPAddressPool` and `L2Advertisement` which will be used later by `traefik` to access a loadbalancer in order to expose services so that we can access them from outside of kubernetes. This is a key part of MVK and one which does not exist in Kubernetes as this is typically expected to be provided by a managed kubernetes cloud service.
* [install_traefik.sh](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/scripts/install_traefik.sh) sets up some custom variables to enable an internal dashboard, ports for ingress, log level and loadbalancer.

## Run the pipelines …

The [metallb pipeline](https://codeberg.org/headshed/infctl-cli/src/branch/main/vagrant/dev/ubuntu/pipelines/vagrant-metallb.json) can be run with :


```bash
LOG_FORMAT=basic infctl -f pipelines/vagrant-metallb.json
```

traefik ingress can be installed with 

```bash
LOG_FORMAT=basic infctl -f pipelines/vagrant-ingress.json
```

## Smoke test ingress

If all has gone well, we should now be able to get the service for `traefik` and see an external IP address and type of `LoadBalancer` :

```bash
kubectl -n traefik get svc
NAME      TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE
traefik   LoadBalancer   10.43.5.252   192.168.56.230   80:32066/TCP,443:32410/TCP   16s
```

Here the address of `192.168.56.230` is available to use to ingress route our services, pods and Kubernetes hosted apps on both plain text port 89 and over TLS https on port 443.

We will be able next to assign a certificate to this 2nd port such that `traefik` will be able to serve URL's on that port to our pods and apps. 

Initially this will use a self signed certificate but we will be able to crate our own CA and have a secure connection without browser warnings on our local, vagrant mks cluster environment.