I noticed that "RequireAndVerifyClientCert" has no effect on "clientAuthType:" if the secret in "secretNames:" is missing. This means that if the secret is missing or misconfigured, the endpoint is no longer protected and accessible to the whole world. I consider this fallback behavior to be highly risky. Does anyone know how I can prevent that a missing secret leads to a security disaster?
Hintergrund: Ich verwende den traefik in k3s: