apiVersion: v1 kind: Secret metadata: name: secretCA1 namespace: default data: tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= --- apiVersion: v1 kind: Secret metadata: name: secretCA2 namespace: default data: tls.ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= --- apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption metadata: name: foo namespace: default spec: minversion: VersionTLS12 snistrict: true ciphersuites: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 clientca: secretnames: - secretCA1 - secretCA2 optional: true --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: test.crd namespace: default spec: entryPoints: - web routes: - match: Host(`foo.com`) && PathPrefix(`/bar`) kind: Rule priority: 12 services: - name: whoami port: 80 tls: options: name: foo