# Install a Loadbalancer (MetalLB) and Ingress Controller (Nginx or Traefik) on a default Talos Linux cluster

## MetalLB - Install and Configure

```shell
# add repo and install
helm repo add metallb https://metallb.github.io/metallb
helm repo update
helm install metallb metallb/metallb -n metallb-system --create-namespace --wait

# fix pod security for speaker pods
kubectl label namespace metallb-system pod-security.kubernetes.io/enforce=privileged
kubectl label namespace metallb-system pod-security.kubernetes.io/audit=privileged
kubectl label namespace metallb-system pod-security.kubernetes.io/warn=privileged

# restart speaker daemonset
kubectl rollout restart daemonset/metallb-speaker -n metallb-system
```

```shell
cat <<EOF | kubectl apply -f -
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: nginx-ingress-pool
  namespace: metallb-system
spec:
  addresses:
  - 10.8.15.175/32
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: nginx-ingress-pool
  namespace: metallb-system
spec:
  ipAddressPools:
  - nginx-ingress-pool
EOF
```

## NGINX - Install and Configure (option 1)

```shell

# add worker labels (if needed)
kubectl label node w-01 node-role.kubernetes.io/worker=""
kubectl label node w-02 node-role.kubernetes.io/worker=""
kubectl label node w-03 node-role.kubernetes.io/worker=""

# install nginx-ingress
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
  -n ingress-nginx --create-namespace \
  --set controller.service.type=LoadBalancer \
  --set controller.nodeSelector."node-role\.kubernetes\.io/worker"=""
```

## Traefik - Install and Configure (option 2)

### Configure and Install

```shell
cat <<EOF > traefik-values.yaml
service:
  type: LoadBalancer
nodeSelector:
  node-role.kubernetes.io/worker: ""
additionalArguments:
  - "--certificatesresolvers.letsencrypt.acme.email=your-email@domain.com"
  - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
  - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
EOF

helm install traefik traefik/traefik -n traefik-system --create-namespace -f traefik-values.yaml
```