This guide walks you through exposing your applications using Ingress or Gateway API on your Kubernetes cluster, with the necessary configurations for Hetzner Cloud Load Balancers configured to work with our platform.

You can use any Ingress Controller or Gateway API implementation, but this guide will use Traefik as an example.

## Prerequisites

- [Helm installed](https://helm.sh/docs/intro/install/)
- Access to a running Kubernetes cluster via kubectl

## Step 1: Add the Traefik Helm Repository

{% terminal height="6rem" steps="[{\"command\":\"helm repo add traefik https://traefik.github.io/charts\"}, {\"command\":\"helm repo update\"}]" /%}

## Step 2: Create a Namespace (optional)

{% terminal height="5rem" steps="[{\"command\":\"kubectl create namespace traefik\"}]" /%}

## Step 3: Install Traefik with Required Annotations

Install the chart with a custom `values.yaml` to apply the Hetzner Load Balancer annotations, replacing `fsn1` and `lb11` with your desired region and load balancer type:

```yaml
service:
  type: LoadBalancer
  annotations:
    load-balancer.hetzner.cloud/location: fsn1
    load-balancer.hetzner.cloud/type: lb11
providers:
  kubernetesGateway:
    enabled: true
gateway:
  listeners:
    web:
      namespacePolicy:
        from: All
```

Then install with:

{% terminal height="8rem" steps="[{\"command\":\"helm install traefik traefik/traefik \\\\\\n  --namespace traefik \\\\\\n  -f values.yaml\"}]" /%}

For more information on the annotations, refer to the [Configuring a Hetzner Load Balancer](/docs/hetzner/apalla/how-to-guides/network/configuring-a-hetzner-loadbalancer) guide.

## Step 4: Verify Installation

Wait a few seconds and run:

{% terminal height="5rem" steps="[{\"command\":\"kubectl get svc -n traefik\"}]" /%}

You should see an external IP assigned to the Traefik service. This means the Hetzner Load Balancer is provisioned and working.

## Exposing a sample application

Apply the following `sample.yaml` file to the cluster:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami
spec:
  replicas: 2
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
spec:
  ports:
    - port: 80
  selector:
    app: whoami
```

{% terminal height="5rem" steps="[{\"command\":\"kubectl apply -f sample.yaml\"}]" /%}

### Using Ingress API

Apply the sample `ingress.yaml` to your cluster:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  ingressClassName: traefik
  rules:
    - host: example-ingress.test
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whoami
                port:
                  number: 80
```

{% terminal height="5rem" steps="[{\"command\":\"kubectl apply -f ingress.yaml\"}]" /%}

Now, try to access the sample application:

{% terminal height="5rem" steps="[{\"command\":\"curl http://example-ingress.test\"}]" /%}

You can also visit http://example-ingress.test in your browser to verify that the application is exposed correctly.

{% callout type="note" %}
You will only be able to reach the application if there is an actual DNS record pointing from the domain to the Load Balancer's IP address.
{% /callout %}

### Using Gateway API

First, install the Gateway API CRDs in your cluster:

{% terminal height="5rem" steps="[{\"command\":\"kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml\"}]" /%}

Then create a Gateway and a HTTPRoute. Here's an example `gateway.yaml` containing both:

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: traefik-gateway
  namespace: traefik
spec:
  gatewayClassName: traefik
  listeners:
    - name: web
      port: 80
      protocol: HTTP
      allowedRoutes:
        namespaces:
          from: All
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: example
spec:
  parentRefs:
    - name: traefik-gateway
      namespace: traefik
  hostnames:
    - "example-gatewayapi.test"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: whoami
          port: 80
```

{% terminal height="5rem" steps="[{\"command\":\"kubectl apply -f httproute.yaml\"}]" /%}

Now, try to access the sample application:

{% terminal height="5rem" steps="[{\"command\":\"curl http://example-gatewayapi.test\"}]" /%}

You can also visit http://example-gatewayapi.test in your browser to verify that the application is exposed correctly.

{% callout type="note" %}
You will only be able to reach the application if there is an actual DNS record poiting from the domain to the Load Balancer's IP address.
{% /callout %}