Disable TLSv1/v1.1 globally, running as k8s controller

Currently traefik v2.1 serves TLS v1.0/1.1 by default. As long as I am aware the nginx controller serves >= 1.2. Is this going to change with traefik v2.2?

To my other question, the v2 stills lacks some clearness. How am I supposed to disable TLS1/1.1 globally for now?
We mainly use Ingresses and not the crd IngressRoutes. It is clear to me how this is supposed to work with IngressRoutes but not with Ingresses.

So my questions are:

• How can I set TlsOptions (k8s tlsOptions resource) for the default router which is used to serve k8s Ingresses? I would like to set some default options rather than configuring tls protocols for each ingress.
• Is this even possible globally, meaning as a default?
• If not, can I set the tls protocol at least as annotation on each ingress separately?

Checking the code it seems like it is not even possible with v1.2 (https://github.com/containous/traefik/blob/v2.1/pkg/provider/kubernetes/ingress/kubernetes.go#L358 How can I modify tls options?) but in master
it looks like one can set annotations to set tls options (https://github.com/containous/traefik/blob/master/pkg/provider/kubernetes/ingress/kubernetes.go#L560).

Thanks

I am not very familiar with the kubernetes side of things, but you can make global configurations for Traefik with this bit of yaml (suit to your needs):

tls_config.yaml

tls:
  options:
    default:
      minVersion: VersionTLS12
      sniStrict : true
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

    mintls13:
      minVersion: VersionTLS13

Is this helpful at all in a Kubernetes context?

Hah, I had the wrong opinion that it was not possible to combine the file provider and k8s ingress provider. This actually worked. Thanks.