Add documentation to Traefik CRD properties

Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>

docs/content/user-guides/crd-acme/05-tlsoption.yml

@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+  name: default
+  namespace: default
+spec:
+  minVersion: VersionTLS12
+  cipherSuites:
+    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   # TLS 1.2
+    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    # TLS 1.2
+    - TLS_AES_256_GCM_SHA384                  # TLS 1.3
+    - TLS_CHACHA20_POLY1305_SHA256            # TLS 1.3
+  curvePreferences:
+    - CurveP521
+    - CurveP384
+  sniStrict: true

docs/content/user-guides/crd-acme/index.md

@@ -44,20 +44,25 @@ Let's now have a look (in the order they should be applied, if using `kubectl ap
 
 ### IngressRoute Definition
 
-First, the definition of the `IngressRoute` and the `Middleware` kinds.
-Also note the RBAC authorization resources; they'll be referenced through the `serviceAccountName` of the deployment, later on.
+First, you will need to install Traefik CRDs containing the definition of the `IngressRoute` and the `Middleware` kinds, 
+and the RBAC authorization resources which will be referenced through the `serviceAccountName` of the deployment.
 
-```yaml
---8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
+```bash
+# Install Traefik Resource Definitions:
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
 
----
---8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
+# Install RBAC for Traefik:
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
 ```
 
 ### Services
 
 Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
 
+```bash
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/02-services.yml
+```
+
 ```yaml
 --8<-- "content/user-guides/crd-acme/02-services.yml"
 ```
@@ -67,6 +72,10 @@ Then, the services. One for Traefik itself, and one for the app it routes for, i
 Next, the deployments, i.e. the actual pods behind the services.
 Again, one pod for Traefik, and one for the whoami app.
 
+```bash
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/03-deployments.yml
+```
+
 ```yaml
 --8<-- "content/user-guides/crd-acme/03-deployments.yml"
 ```
@@ -91,7 +100,7 @@ Look it up.
 We can now finally apply the actual ingressRoutes, with:
 
 ```bash
-kubectl apply -f 04-ingressroutes.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/04-ingressroutes.yml
 ```
 
 ```yaml
@@ -110,3 +119,16 @@ curl http://your.example.com:8000/notls
 ```
 
 Note that you'll have to use `-k` as long as you're using the staging server of Let's Encrypt, since it is not an authorized certificate authority on systems where it hasn't been manually added.
+
+### Force TLS v1.2+
+
+Nowadays, TLS v1.0 and v1.1 are deprecated.
+In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/05-tlsoption.yml
+```
+
+```yaml
+--8<-- "content/user-guides/crd-acme/05-tlsoption.yml"
+```