Exposing applications using Ingress or Gateway API

This guide walks you through exposing your applications using Ingress or Gateway API on your Kubernetes cluster, with the necessary configurations for Hetzner Cloud Load Balancers configured to work with our platform.

You can use any Ingress Controller or Gateway API implementation, but this guide will use Traefik as an example.

Prerequisites

Helm installed
Access to a running Kubernetes cluster via kubectl

Step 1: Add the Traefik Helm Repository

Step 2: Create a Namespace (optional)

Step 3: Install Traefik with Required Annotations

Install the chart with a custom values.yaml to apply the Hetzner Load Balancer annotations, replacing fsn1 and lb11 with your desired region and load balancer type:

yaml

service: type: LoadBalancer annotations: // [!code tooltip:fsn1:1:Should match the region set on the Cluster resource] load-balancer.hetzner.cloud/location: fsn1 // [!code tooltip:lb11:1:Should match the type set on the Cluster resource] load-balancer.hetzner.cloud/type: lb11 // [!code tooltip:providers:8:You can remove these blocks if you don't want to use the Gateway API] providers: kubernetesGateway: enabled: true gateway: listeners: web: namespacePolicy: from: All

Then install with:

For more information on the annotations, refer to the Configuring a Hetzner Load Balancer guide.

Step 4: Verify Installation

Wait a few seconds and run:

You should see an external IP assigned to the Traefik service. This means the Hetzner Load Balancer is provisioned and working.

Exposing a sample application

Apply the following sample.yaml file to the cluster:

yaml

apiVersion: apps/v1 kind: Deployment metadata: name: whoami spec: replicas: 2 selector: matchLabels: app: whoami template: metadata: labels: app: whoami spec: containers: - name: whoami image: traefik/whoami ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: whoami spec: ports: - port: 80 selector: app: whoami

Using Ingress API

Apply the sample ingress.yaml to your cluster:

yaml

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: whoami annotations: traefik.ingress.kubernetes.io/router.entrypoints: web spec: ingressClassName: traefik rules: - host: example-ingress.test http: paths: - path: / pathType: Prefix backend: service: name: whoami port: number: 80

Now, try to access the sample application:

You can also visit http://example-ingress.test in your browser to verify that the application is exposed correctly.

note

You will only be able to reach the application if there is an actual DNS record pointing from the domain to the Load Balancer's IP address.

Using Gateway API

First, install the Gateway API CRDs in your cluster:

Then create a Gateway and a HTTPRoute. Here's an example gateway.yaml containing both:

yaml

apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: traefik-gateway namespace: traefik spec: gatewayClassName: traefik listeners: - name: web port: 80 protocol: HTTP allowedRoutes: namespaces: from: All --- apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: example spec: parentRefs: - name: traefik-gateway namespace: traefik hostnames: // [!code tooltip:example-gatewayapi.test:1:Should be a domain name pointing to the service LB's IP address] - "example-gatewayapi.test" rules: - matches: - path: type: PathPrefix value: / backendRefs: - name: whoami port: 80

Now, try to access the sample application:

You can also visit http://example-gatewayapi.test in your browser to verify that the application is exposed correctly.

note

You will only be able to reach the application if there is an actual DNS record poiting from the domain to the Load Balancer's IP address.