From 5b762268015a4c03666597bd61be299b58f2f943 Mon Sep 17 00:00:00 2001
From: Shahab Dogar <shahab@dogar.dev>
Date: Thu, 11 Dec 2025 09:17:03 +0500
Subject: [PATCH] fix: Traefik | remove custom tls option

---
 network-security/index.ts           |  6 ------
 network-security/traefik/index.ts   |  1 -
 network-security/traefik/tlsOpts.ts | 31 -----------------------------
 utils/traefik/ingress/ingress.ts    |  4 ----
 4 files changed, 42 deletions(-)
 delete mode 100644 network-security/traefik/tlsOpts.ts

diff --git a/network-security/index.ts b/network-security/index.ts
index f6ed544..b39ee12 100644
--- a/network-security/index.ts
+++ b/network-security/index.ts
@@ -7,7 +7,6 @@ import {
   RateLimitMiddleware,
   IpAllowListMiddleware,
   IpAllowListMiddlewareTCP,
-  TLSOptions,
 } from "./traefik";
 import { ValkeyCluster } from "./valkey";
 import { InternalIngressRoute, PrivateCertificate } from "../utils";
@@ -68,11 +67,6 @@ export class NetworkSecurity extends TerraformStack {
       name: "rate-limit",
     });
 
-    new TLSOptions(this, "tls-options", {
-      provider: kubernetes,
-      namespace,
-    });
-
     new IpAllowListMiddleware(this, "internal-ip-allow-list", {
       provider: kubernetes,
       namespace,
diff --git a/network-security/traefik/index.ts b/network-security/traefik/index.ts
index 3e84db1..0c29d72 100644
--- a/network-security/traefik/index.ts
+++ b/network-security/traefik/index.ts
@@ -1,3 +1,2 @@
 export { RateLimitMiddleware } from "./rateLimit";
 export { IpAllowListMiddleware, IpAllowListMiddlewareTCP } from "./ipAllowList";
-export { TLSOptions } from "./tlsOpts";
diff --git a/network-security/traefik/tlsOpts.ts b/network-security/traefik/tlsOpts.ts
deleted file mode 100644
index 3dbc6e8..0000000
--- a/network-security/traefik/tlsOpts.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-import { Construct } from "constructs";
-import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
-import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
-
-export class TLSOptions extends Construct {
-  constructor(
-    scope: Construct,
-    id: string,
-    opts: { provider: KubernetesProvider; namespace: string },
-  ) {
-    super(scope, id);
-
-    const { provider, namespace } = opts;
-
-    new Manifest(this, "traefik-tls-options", {
-      provider,
-      manifest: {
-        apiVersion: "traefik.io/v1alpha1",
-        kind: "TLSOption",
-        metadata: {
-          namespace,
-          name: "tls-options",
-        },
-        spec: {
-          minVersion: "VersionTLS13",
-          sniStrict: true,
-        },
-      },
-    });
-  }
-}
diff --git a/utils/traefik/ingress/ingress.ts b/utils/traefik/ingress/ingress.ts
index 36f5cd4..e90ff86 100644
--- a/utils/traefik/ingress/ingress.ts
+++ b/utils/traefik/ingress/ingress.ts
@@ -110,10 +110,6 @@ export class IngressRoute extends Construct {
     if (opts.tlsSecretName) {
       spec.tls = {
         secretName: opts.tlsSecretName,
-        options: {
-          name: "tls-options",
-          namespace: "homelab",
-        },
       };
     }