From 325d15a44677b4f5db80f8896b19b7a235fc9253 Mon Sep 17 00:00:00 2001
From: Oleksandr Berezovskyi <berezovskyi.oleksandr@gmail.com>
Date: Mon, 16 Mar 2026 00:40:11 +0200
Subject: [PATCH] feat(k8s/infrastructure/traefik): configure TLS options

---
 .../controllers/traefik/tls-options.yaml          | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 kubernetes/infrastructure/controllers/traefik/tls-options.yaml

diff --git a/kubernetes/infrastructure/controllers/traefik/tls-options.yaml b/kubernetes/infrastructure/controllers/traefik/tls-options.yaml
new file mode 100644
index 0000000..b12fa51
--- /dev/null
+++ b/kubernetes/infrastructure/controllers/traefik/tls-options.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: TLSOption
+metadata:
+  name: default
+  namespace: traefik
+spec:
+  minVersion: VersionTLS12
+  cipherSuites:
+    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256