diff --git a/kubernetes/infrastructure/controllers/traefik/tls-options.yaml b/kubernetes/infrastructure/controllers/traefik/tls-options.yaml
new file mode 100644
index 0000000..b12fa51
--- /dev/null
+++ b/kubernetes/infrastructure/controllers/traefik/tls-options.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: TLSOption
+metadata:
+  name: default
+  namespace: traefik
+spec:
+  minVersion: VersionTLS12
+  cipherSuites:
+    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256