diff --git a/.github/workflows/k8s_traefik_init_setup.yml b/.github/workflows/k8s_traefik_init_setup.yml
index f63b7df..0d0b838 100644
--- a/.github/workflows/k8s_traefik_init_setup.yml
+++ b/.github/workflows/k8s_traefik_init_setup.yml
@@ -39,33 +39,52 @@ jobs:
         kubectl config set-credentials runner --token="$SA_TOKEN"
         kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
         kubectl config use-context runner-context
-  
-    - name: Install Buildx Standalone
-      run: |
-        mkdir -p ~/.docker/cli-plugins/
-        curl -sSL https://github.com/docker/buildx/releases/download/v0.13.1/buildx-v0.13.1.linux-amd64 \
-          -o ~/.docker/cli-plugins/docker-buildx
-        chmod +x ~/.docker/cli-plugins/docker-buildx
-        docker buildx version
 
     # -----------------------------------------------------
-    # Build & Push Docker Image (ARC-compatible, no Docker)
+    # Install buildctl (standalone BuildKit client)
     # -----------------------------------------------------
-    - name: Build & Push Traefik Image (ARC-compatible)
-      uses: docker/build-push-action@v5
+    - name: Install buildctl (BuildKit CLI)
+      run: |
+        apt-get update && apt-get install -y curl
+        curl -sSL https://github.com/moby/buildkit/releases/download/v0.12.5/buildkit-v0.12.5.linux-amd64.tar.gz -o buildkit.tar.gz
+        tar -xzf buildkit.tar.gz
+        mv bin/buildctl /usr/local/bin/
+        chmod +x /usr/local/bin/buildctl
+        buildctl --version
+
+    # -----------------------------------------------------
+    # Log in to Docker Hub (registry auth for buildctl)
+    # -----------------------------------------------------
+    - name: Docker Hub Login for buildctl
+      run: |
+        echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | \
+          buildctl login docker.io \
+          --username ${{ secrets.DOCKER_HUB_USERNAME }} \
+          --password-stdin
+
+    # -----------------------------------------------------
+    # Build & Push Docker Image (NO Docker, NO Buildx, NO Daemon)
+    # -----------------------------------------------------
+    - name: Build & Push Traefik Image (ARC-safe buildctl)
       env:
-        BUILDKIT_SBOM_SCAN_STATUS: disabled
-      with:
-        context: ${{ github.workspace }}/traefik
-        file: ${{ github.workspace }}/traefik/Dockerfile
-        platforms: linux/amd64
-        push: true
-        provenance: false
-        sbom: false
-        builder: default
-        tags: |
-          docker.io/kimjunte/edge_router:${{ github.sha }}
-          docker.io/kimjunte/edge_router:latest
+        IMAGE_TAG: docker.io/kimjunte/edge_router:${{ github.sha }}
+        LATEST_TAG: docker.io/kimjunte/edge_router:latest
+      run: |
+        # Build SHA-tagged image
+        buildctl build \
+          --frontend dockerfile.v0 \
+          --local context="${GITHUB_WORKSPACE}/traefik" \
+          --local dockerfile="${GITHUB_WORKSPACE}/traefik" \
+          --opt platform=linux/amd64 \
+          --output type=image,name=${IMAGE_TAG},push=true
+
+        # Build latest tag
+        buildctl build \
+          --frontend dockerfile.v0 \
+          --local context="${GITHUB_WORKSPACE}/traefik" \
+          --local dockerfile="${GITHUB_WORKSPACE}/traefik" \
+          --opt platform=linux/amd64 \
+          --output type=image,name=${LATEST_TAG},push=true
 
     # -----------------------------------------------------
     # Apply Storage Classes + PVCs