How can I disable TLS 1.0 and TLS 1.1 from an ingress resource definition using annotations? For example I already have the following annotations on an example ingress:
Thanks for your interest in Traefik.
On TLS, you can specify several options to support different cipher suites or to accept only some versions. In k8s you have to add an annotation on your ingress, and create a resource defining the TLS options. I suggest you to have a look to this documentation: Traefik TLS Documentation - Traefik.
@moutoum if I create the global Kubernetes resource:
I assume I need to re-install Traefik with the helm chart after? Does the above Kubernetes resource apply to ALL ingress endpoints in the cluster? Is there a way to pick and choose which ingress endpoints the above
minVersion applies to?
@nodesocket When you create a TLSOption, you have then to apply it using
kubectl apply -f <your-file>.
Then you have to link the TLS option to an ingress. You can do this by adding an annotation on your ingress and apply your ingress aswell:
With this, only the ingresses using the option are affected by the
minVersion. You don't need to restart traefik as ingresses are part of the dynamic config which is computed on the fly based on the kubernetes events.