diff --git a/.github/workflows/k8s_traefik_init_setup.yml b/.github/workflows/k8s_traefik_init_setup.yml
new file mode 100644
index 0000000..6489730
--- /dev/null
+++ b/.github/workflows/k8s_traefik_init_setup.yml
@@ -0,0 +1,130 @@
+name: K8s Bootstrap Setup
+
+on:
+ workflow_dispatch:
+
+jobs:
+ bootstrap:
+ runs-on: mealcraft-runners
+ container: ubuntu:22.04
+
+ steps:
+ # -----------------------------------------------------
+ # Checkout
+ # -----------------------------------------------------
+ - uses: actions/checkout@v4
+
+ # -----------------------------------------------------
+ # Install kubectl
+ # -----------------------------------------------------
+ - name: Install kubectl
+ run: |
+ apt-get update
+ apt-get install -y ca-certificates curl
+ curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ install -m 0755 kubectl /usr/local/bin/kubectl
+
+ # -----------------------------------------------------
+ # Configure kubeconfig using the ARC pod token
+ # -----------------------------------------------------
+ - name: Configure kubeconfig
+ run: |
+ KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
+ SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+ CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+ kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
+ kubectl config set-credentials runner --token="$SA_TOKEN"
+ kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
+ kubectl config use-context runner-context
+
+ # -----------------------------------------------------
+ # Docker Login
+ # -----------------------------------------------------
+ - name: Docker Login
+ uses: ./.github/actions/docker-login
+ with:
+ username: ${{ secrets.DOCKER_HUB_USERNAME }}
+ password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+ # -----------------------------------------------------
+ # Build & Push the Docker Image (idempotent)
+ # -----------------------------------------------------
+ - name: Build Traefik Image
+ run: |
+ docker build traefik \
+ --file traefik/Dockerfile \
+ --tag docker.io/kimjunte/edge_router:$GITHUB_SHA
+
+ - name: Push Traefik Image
+ run: |
+ docker push docker.io/kimjunte/edge_router:$GITHUB_SHA
+
+ # -----------------------------------------------------
+ # Apply Storage Classes + PVCs — idempotent with apply
+ # -----------------------------------------------------
+ - name: Apply StorageClass + PV
+ run: |
+ kubectl apply -f traefik/storageclass/storageclass.yaml
+ kubectl apply -f traefik/storageclass/certs-pv.yaml
+ kubectl get storageclass
+
+ # -----------------------------------------------------
+ # Apply Traefik CRDs only if missing
+ # -----------------------------------------------------
+ - name: Install Traefik CRDs (idempotent)
+ run: |
+ if ! kubectl get crd ingressroutes.traefik.containo.us >/dev/null 2>&1; then
+ echo "Traefik CRDs not found — installing..."
+ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/05-tlsoption.yml
+ else
+ echo "Traefik CRDs already installed — skipping."
+ fi
+
+ # -----------------------------------------------------
+ # Deploy Traefik — idempotent with kubectl apply
+ # -----------------------------------------------------
+ - name: Deploy Traefik (safe repeat)
+ run: |
+ echo "Applying Traefik PVC/Deployments/Services/etc…"
+ kubectl apply -f traefik/edge-router/pvc.yaml
+ kubectl apply -f traefik/edge-router/traefik-deployment.yml
+ kubectl apply -f traefik/edge-router/traefik-services.yml
+ kubectl apply -f traefik/edge-router/middleware.yaml
+ kubectl apply -f traefik/edge-router/secret-dashboard.yml
+ kubectl apply -f traefik/edge-router/traefik-ingressroute.yml
+
+ # -----------------------------------------------------
+ # Deploy whoami — idempotent
+ # -----------------------------------------------------
+ - name: Deploy whoami test service
+ run: |
+ kubectl apply -f traefik/who-am-i/whoami-deployment.yml
+ kubectl apply -f traefik/who-am-i/whoami-service.yml
+ kubectl apply -f traefik/who-am-i/whoami-ingressroute.yml
+
+ # -----------------------------------------------------
+ # Create Docker Registry Secrets — idempotent
+ # -----------------------------------------------------
+ - name: Create registry secret (default ns)
+ run: |
+ kubectl apply -f traefik/docker-registry-credentials/docker-credentials.yml
+
+ # -----------------------------------------------------
+ # Create staging namespace if not exists
+ # -----------------------------------------------------
+ - name: Create staging namespace
+ run: |
+ kubectl get namespace staging >/dev/null 2>&1 || kubectl create namespace staging
+
+ # -----------------------------------------------------
+ # Apply registry secret to staging — idempotent
+ # -----------------------------------------------------
+ - name: Registry secret in staging namespace
+ run: |
+ sed 's/namespace: default/namespace: staging/' \
+ traefik/docker-registry-credentials/docker-credentials.yml \
+ | kubectl apply -f -
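Review bot: The Install kubectl step downloads the binary from dl.k8s.io and installs it without any integrity check, so a tampered or truncated download (and `curl -LO` without `--fail` will happily save an HTTP error page under the name `kubectl`) becomes the tool that runs every `kubectl apply` later in the job. The release directory publishes a `kubectl.sha256` beside the binary; resolving the version once, fetching both files and running `sha256sum --check` before `install` closes the gap, and replacing the `stable.txt` lookup with a pinned version would additionally make the bootstrap reproducible. The rewritten step body is below; the other steps are unchanged.

```yaml
      - name: Install kubectl
        run: |
          # … unchanged: apt-get update / apt-get install …
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          # … unchanged: install -m 0755 kubectl /usr/local/bin/kubectl …
```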
diff --git a/README.md b/README.md
index fb5b8ea..a08173a 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@ TODO:
 - [x] Download next js
 - [x] Aws terraform plan and apply configured
 - [] Deploy into my new k8s
+ - [x] k get pods -A works
 - [] deploy docker registry credentials
 - [] deploy storageclass
 - [] deloy traefik customised
diff --git a/github_runner/install/install_arc.sh b/github_runner/install/install_arc.sh
index 8c60e57..9e16758 100644
--- a/github_runner/install/install_arc.sh
+++ b/github_runner/install/install_arc.sh
@@ -55,7 +55,7 @@ metadata:
 name: arc-runner-readonly-binding
 subjects:
 - kind: ServiceAccount
- name: mealcraft-runners
+ name: default
 namespace: arc-systems
 roleRef:
 kind: ClusterRole
@@ -63,4 +63,5 @@ roleRef:
 apiGroup: rbac.authorization.k8s.io
 EOF
+ echo "=== RBAC Applied Successfully ==="
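Review bot: Pointing `arc-runner-readonly-binding` at the `default` ServiceAccount in `arc-systems` extends the grant to every pod in that namespace that does not set its own `serviceAccountName`, because `default` is the account Kubernetes mounts when none is specified, so the permission is no longer scoped to the runner pods. If the goal is only to let the runners reach the API, a dedicated account (the `mealcraft-runners` name this hunk removes) assigned in the runner pod template keeps the blast radius to the runners; the heredoc starts before the hunk, so whether this is a ClusterRoleBinding or a namespaced RoleBinding is not visible here. Separately, the workflow added in this same commit reads the mounted token and runs `kubectl apply` and `kubectl create namespace`; if the ClusterRole behind this binding is read-only as its name suggests, those steps will be rejected, so the role and the workflow should be reviewed together.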