Docs
Blog
Kubevious.io places cookies on your computer or device to make the site work better and to help us understand how you use our site. Further use of this site (by clicking, navigating or scrolling) will be considered consent. Please visit our privacy policy for more information.
Guard
Features
Application Centric UI
Health Monitoring
Cloud Native Tools
Search Engine
Time Machine
Rules Engine
Slack Bot
Built-in Validators
Container
Compute
Configuration
Networking
Storage
RBAC
Security
Traefik Proxy
Missing Traefik Middleware reference in IngressRoute
Missing Traefik Service reference in IngressRoute or TraefikService
Missing Traefik TLSOptions reference in IngressRoute
Unused Traefik Middleware
Unused Traefik Service
Unused Traefik TLSOptions
Docs
Built-in Validators
Traefik Proxy

Unused Traefik TLSOptions

Traefik TLSOptions are used to configure Traefik Proxy TLS connection parameters. TLSOptions are referenced from IngressRoute. This validator detects when a TLSOptions is not attached to IngressRoutes. That can be an indication of a typo in the TLSOptions name, namespace or IngressRoutes reference.

Affected Resources: TLSOptions

Examples

apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption metadata: name: bar # Different name in IngressRoute namespace: samples spec: cipherSuites: - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - TLS_AES_256_GCM_SHA384 - TLS_AES_128_GCM_SHA256 - TLS_CHACHA20_POLY1305_SHA256 - TLS_FALLBACK_SCSV curvePreferences: - CurveP521 - CurveP384 minVersion: VersionTLS12 sniStrict: true
apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: whoami spec: entryPoints: - websecure routes: - kind: Rule match: Host(`demo.kubevious.io`) services: - kind: Service name: whoami-svc port: 80 tls: certResolver: le options: name: foo # TLSOptions not found in the namespace "samples" namespace: samples

Resolution

  • Examine IngressRoutes within the namespace and determine if the TLSOptions is supposed used in any of them.
  • Examine cross-namespace references in IngressRoutes and see if any of them should refer to this TLSOptions.
  • If the TLSOptions is indeed unused, it may need to be just removed.
    • Prev
    Unused Traefik Service

    Need other validation rules?

    Please let us know if there are other built-in validation rules you would like to see in Kubevious to detect misconfigurations and violations to best practices. Optionally, you can provide your details so we can reach out to you with follow-up questions.

    Share this article on:
    message
    PRODUCTGet StartedDemoOpen-Source
    COMPANYContactPrivacy PolicyTerms and Conditions
    KNOWLEDGE BASEDocumentationKubernetes Best PracticesBlog