Define TLS options on the Router configuration for Kubernetes

Co-authored-by: juliens <julien@containo.us>

docs/content/middlewares/overview.md

@@ -71,6 +71,38 @@ labels:
   - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
 ```
 
+```toml tab="File"
+[tlsOptions]
+    [tlsOptions.default]
+        minVersion = "VersionTLS12"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsoptions.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSOption
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: mytlsoption
+  namespace: default
+
+spec:
+  minversion: VersionTLS12
+```
+
 ```toml tab="File"
 # As Toml Configuration File
 [providers]

docs/content/providers/crd_tls_option.yml

@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsoptions.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSOption
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced

docs/content/providers/kubernetes-crd.md

@@ -230,6 +230,51 @@ spec:
 
 More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
 
+### Traefik TLS Option Definition
+
+Additionally, to allow for the use of tls options in an IngressRoute, we defined the CRD below for the TLSOption kind.
+More information about TLS Options is available in the dedicated [TLS Configuration Options](../../https/tls/#tls-options).
+
+```yaml
+--8<-- "content/providers/crd_tls_option.yml"
+```
+
+Once the TLSOption kind has been registered with the Kubernetes cluster or defined in the File Provider, it can then be used in IngressRoute definitions, such as:
+
+```yaml
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: mytlsoption
+  namespace: default
+
+spec:
+  minversion: VersionTLS12
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ingressroutebar
+
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`bar.com`) && PathPrefix(`/stripit`)
+    kind: Rule
+    services:
+    - name: whoami
+      port: 80
+  tls:
+    options: 
+      name: mytlsoption
+      namespace: default
+```
+
+!!! note "TLS Option reference and namespace"
+    If the optional `namespace` attribute is not set, the configuration will be applied with the namespace of the IngressRoute.
+
 ### TLS
 
 To allow for TLS, we made use of the `Secret` kind, as it was already defined, and it can be directly used in an `IngressRoute`:

docs/content/reference/dynamic-configuration/kubernetes-crd.yml

@@ -26,6 +26,21 @@ spec:
     singular: middleware
   scope: Namespaced
 
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsoptions.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSOption
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
@@ -85,6 +100,9 @@ spec:
   # use an empty tls object for TLS with Let's Encrypt
   tls:
     secretName: supersecret
+    options:
+      name: myTLSOption
+      namespace: default
 
 ---
 apiVersion: traefik.containo.us/v1alpha1
@@ -104,3 +122,6 @@ spec:
   tls:
     secretName: foosecret
     passthrough: false
+    options:
+      name: myTLSOption
+      namespace: default