Merge branch v3.4 into master

2025-11-24 08:23:52 +03:00 · 2025-06-25 11:14:51 +02:00
parent 56a95d6c16 c2c488ffc5
commit cbfecc5d49
33 changed files with 1030 additions and 482 deletions
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.2
-FROM alpine:3.21
+FROM alpine:3.22
 RUN apk add --no-cache --no-progress ca-certificates tzdata
--- a/docs/check.Dockerfile
+++ b/docs/check.Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.21
+FROM alpine:3.22
 RUN apk --no-cache --no-progress add \
    build-base \
@@ -9,9 +9,7 @@ RUN apk --no-cache --no-progress add \
    ruby \
    ruby-bigdecimal \
    ruby-dev \
    ruby-etc \
    ruby-ffi \
    ruby-json \
    zlib-dev
 RUN gem install nokogiri --version 1.18.6 --no-document -- --use-system-libraries
--- a/docs/content/assets/img/getting-started/docker-router.png
+++ b/docs/content/assets/img/getting-started/docker-router.png
--- a/docs/content/assets/img/getting-started/kubernetes-gateway.png
+++ b/docs/content/assets/img/getting-started/kubernetes-gateway.png
--- a/docs/content/assets/img/getting-started/providers.png
+++ b/docs/content/assets/img/getting-started/providers.png
--- a/docs/content/assets/img/getting-started/traefik-dashboard-docker.png
+++ b/docs/content/assets/img/getting-started/traefik-dashboard-docker.png
--- a/docs/content/assets/img/getting-started/traefik-dashboard.png
+++ b/docs/content/assets/img/getting-started/traefik-dashboard.png
--- a/docs/content/assets/img/getting-started/whoami-localhost.png
+++ b/docs/content/assets/img/getting-started/whoami-localhost.png
--- a/docs/content/deprecation/releases.md
+++ b/docs/content/deprecation/releases.md
@@ -6,11 +6,12 @@ Below is a non-exhaustive list of versions and their maintenance status:
 | Version | Release Date | Active Support     | Security Support  |
 |---------|--------------|--------------------|-------------------|
-| 3.3     | Jan 06, 2025 | Yes                | Yes               |
+| 3.4     | May 05, 2025 | Yes                | Yes               |
 | 3.3     | Jan 06, 2025 | Ended May 05, 2025 | No                |
 | 3.2     | Oct 28, 2024 | Ended Jan 06, 2025 | No                |
 | 3.1     | Jul 15, 2024 | Ended Oct 28, 2024 | No                |
 | 3.0     | Apr 29, 2024 | Ended Jul 15, 2024 | No                |
-| 2.11    | Feb 12, 2024 | Ends  Apr 29, 2025 | Ends Feb 01, 2026 |
+| 2.11    | Feb 12, 2024 | Ended Apr 29, 2025 | Ends Feb 01, 2026 |
 | 2.10    | Apr 24, 2023 | Ended Feb 12, 2024 | No                |
 | 2.9     | Oct 03, 2022 | Ended Apr 24, 2023 | No                |
 | 2.8     | Jun 29, 2022 | Ended Oct 03, 2022 | No                |
--- a/docs/content/getting-started/docker.md
+++ b/docs/content/getting-started/docker.md
@@ -0,0 +1,162 @@
 ---
 title: "Docker and Traefik Quick Start"
 description: "Deploy Traefik in Docker and expose your first service"
 ---
 # Getting Started with Docker and Traefik
 Docker is a first-class citizen in Traefik, offering native support for Docker containers and services. 
 Whether you're using Docker Compose or running containers directly, Traefik provides a seamless experience for managing your Docker traffic.
 This guide shows you how to:
 - Install Traefik using Docker
 - Expose the Traefik dashboard
 - Deploy a sample application
 - Configure basic routing
 ## Prerequisites
 - Docker 
 - Docker Compose (optional)
 ## Install Traefik
 ### Using Docker Compose
 Create a Docker Compose file. 
 This configuration:
 - Exposes ports 80 and 8080. 
 - Enables the Docker provider
 - Configures the dashboard with basic settings. Port 8080 serves the dashboard because we enabled `--api.insecure=true` (development use only)
 - Mounts the Docker socket for container discovery
 ```yaml
 # docker-compose.yml
 services:
  traefik:
    image: traefik:v3.4
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
 ```
 Start Traefik:
 ```bash
 docker-compose up -d
 ```
 ### Using Docker CLI
 Alternatively, you can run Traefik directly with Docker. 
 This command:
 - Exposes ports 80 and 8080 for web traffic and dashboard access
 - Mounts the configuration file and Docker socket
 - Uses the same configuration as the Docker Compose example
 Create a configuration file:
 ```yaml
 # traefik.yml
 api:
  insecure: true
 entryPoints:
  web:
    address: ":80"
 providers:
  docker: {}
 ```
 Start Traefik:
 ```bash
 docker run -d \
  -p 80:80 \
  -p 8080:8080 \
  -v $PWD/traefik.yml:/etc/traefik/traefik.yml \
  -v /var/run/docker.sock:/var/run/docker.sock \
  traefik:v3.4
 ```
 ## Expose the Dashboard
 Because we explicitly enabled insecure mode, the [dashboard](../reference/install-configuration/api-dashboard.md) is reachable on port 8080 without authentication. 
 **Do not enable this flag in production**.
 You can access the dashboard at:
 [http://localhost:8080/dashboard/](http://localhost:8080/dashboard/)
 ![Traefik Dashboard Screenshot](../assets/img/getting-started/traefik-dashboard.png)
 ## Deploy a Sample Application
 Create a whoami service:
 ```yaml
 # whoami.yml
 services:
  whoami:
    image: traefik/whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
 ```
 Apply the configuration:
 ```bash
 docker-compose -f whoami.yml up -d
 ```
 ## Test Your Setup
 You can use the following curl command to verify that the application is correctly exposed:
 ```bash
 curl http://whoami.localhost
 Hostname: 068c0a29a8b7
 IP: 127.0.0.1
 IP: ::1
 IP: 192.168.147.3
 RemoteAddr: 192.168.147.2:56006
 GET / HTTP/1.1
 Host: whoami.localhost
 User-Agent: curl/8.7.1
 Accept: */*
 Accept-Encoding: gzip
 X-Forwarded-For: 192.168.147.1
 X-Forwarded-Host: whoami.localhost
 X-Forwarded-Port: 80
 X-Forwarded-Proto: http
 X-Forwarded-Server: 9232cdd4fd6c
 X-Real-Ip: 192.168.147.1
 ```
 You can also open [http://whoami.localhost](http://whoami.localhost) in a browser to test the application:
 ![whoami application Screenshot](../assets/img/getting-started/whoami-localhost.png)
 If you navigate to the **HTTP Routers** section of the Traefik dashboard, you can see that the `whoami.localhost` route is managed by the Traefik Docker provider:
 ![Traefik Dashboard HTTP Routers Section Screenshot](../assets/img/getting-started/docker-router.png)
 That's it! You've successfully deployed Traefik and configured routing in Docker.
 ## Next Steps
 - [Configure TLS](../reference/routing-configuration/http/tls/overview.md)
 - [Set up Middlewares](../reference/routing-configuration/http/middlewares/overview.md)
 - [Enable Metrics](../reference/install-configuration/observability/metrics.md)
 - [Learn more about Docker provider](../reference/install-configuration/providers/docker.md)
 {!traefik-for-business-applications.md!}
--- a/docs/content/getting-started/index.md
+++ b/docs/content/getting-started/index.md
@@ -0,0 +1,25 @@
 ---
 title: "Getting Started with Traefik"
 description: "Quick start guides for deploying Traefik in Kubernetes and Docker environments"
 ---
 # Getting Started with Traefik
 Traefik can be deployed in various environments. Choose your preferred deployment method:
 - [Kubernetes Quick Start](./kubernetes.md) - Deploy Traefik using Helm
 - [Docker Quick Start](./docker.md) - Deploy Traefik using Docker
 Each guide will help you:
 - Install Traefik
 - Expose the dashboard
 - Deploy a sample application
 - Configure basic routing
 ## Before You Begin
 Make sure you have the necessary prerequisites for your chosen environment:
 - **Kubernetes**: A running Kubernetes cluster, Helm 3, and kubectl
 - **Docker**: Docker and optionally Docker Compose
--- a/docs/content/getting-started/kubernetes.md
+++ b/docs/content/getting-started/kubernetes.md
@@ -0,0 +1,331 @@
 ---
 title: "Kubernetes and Traefik Quick Start"
 description: "Deploy Traefik in Kubernetes using Helm and expose your first service"
 slug: quick-start-with-kubernetes
 ---
 # Getting Started with Kubernetes and Traefik
 Kubernetes is a first-class citizen in Traefik, offering native support for Kubernetes resources and the latest Kubernetes standards. 
 Whether you're using Traefik's [IngressRoute CRD](../reference/routing-configuration/kubernetes/crd/http/ingressroute.md), [Ingress](../reference/routing-configuration/kubernetes/ingress.md) or the [Kubernetes Gateway API](../reference/routing-configuration/kubernetes/gateway-api.md), 
 Traefik provides a seamless experience for managing your Kubernetes traffic.
 This guide shows you how to:
 - Create a Kubernetes cluster using k3d
 - Install Traefik using Helm
 - Expose the Traefik dashboard
 - Deploy a sample application
 - Configure basic routing with IngressRoute and Gateway API
 ## Prerequisites
 - Kubernetes
 - Helm 3
 - kubectl
 - k3d (for local cluster creation)
 ## Create a Kubernetes Cluster
 ### Using k3d
 Create a cluster with the following command. This command:
 - Creates a k3d cluster named "traefik"
 - Maps ports 80, 443, and 8000 to the loadbalancer for accessing services
 - Disables the built-in Traefik ingress controller to avoid conflicts
 ```bash
 k3d cluster create traefik \
  --port 80:80@loadbalancer \
  --port 443:443@loadbalancer \
  --port 8000:8000@loadbalancer \
  --k3s-arg "--disable=traefik@server:0"
 ```
 Configure kubectl:
 ```bash
 kubectl cluster-info --context k3d-traefik
 ```
 ## Install Traefik
 ### Using Helm Values File
 Add the Traefik Helm repository:
 ```bash
 helm repo add traefik https://traefik.github.io/charts
 helm repo update
 ```
 Create a values file. This configuration:
 - Maps ports 80 and 443 to the web and websecure [entrypoints](../reference/install-configuration/entrypoints.md)
 - Enables the [dashboard](../reference/install-configuration/api-dashboard.md) with a specific hostname rule
 - Enables the [Kubernetes Gateway API provider](../reference/routing-configuration/kubernetes/gateway-api.md)
 - Allows the Gateway to expose [HTTPRoutes](https://gateway-api.sigs.k8s.io/api-types/httproute/) from all namespaces
 ```yaml
 # values.yaml
 ingressRoute:
  dashboard:
    enabled: true
    matchRule: Host(`dashboard.localhost`)
    entryPoints:
      - web
 providers:
  kubernetesGateway:
    enabled: true
 gateway:
  namespacePolicy: All
 ```
 !!! info
    The [KubernetesCRD](../reference/install-configuration/providers/kubernetes/kubernetes-crd.md) provider is enabled by default when using the Helm chart so we don't need to set it in the values file.
 Install Traefik:
 ```bash
 helm install traefik traefik/traefik -f values.yaml --wait
 ```
 ### Using Helm CLI Arguments
 Alternatively, you can install Traefik using CLI arguments. This command:
 - Maps ports `30000` and `30001` to the web and websecure entrypoints
 - Enables the dashboard with a specific hostname rule
 - Enables the [Kubernetes Gateway API provider](../reference/routing-configuration/kubernetes/gateway-api.md)
 - Allows the Gateway to expose HTTPRoutes from all namespaces
 ```bash
 helm install traefik traefik/traefik --wait \
  --set ingressRoute.dashboard.enabled=true \
  --set ingressRoute.dashboard.matchRule='Host(`dashboard.localhost`)' \
  --set ingressRoute.dashboard.entryPoints={web} \
  --set providers.kubernetesGateway.enabled=true \
  --set gateway.namespacePolicy=All
 ```
 !!! info
    The [KubernetesCRD](../reference/install-configuration/providers/kubernetes/kubernetes-crd.md) provider is enabled by default when using the Helm chart so we don't need to set it in the CLI arguments.
 When Traefik is installed with the Gateway API provider enabled, it automatically creates a default GatewayClass named **traefik**:
 ```bash
 kubectl describe GatewayClass traefik
 ```
 ## Expose the Dashboard
 The dashboard is exposed with an [IngressRoute](../reference/routing-configuration/kubernetes/crd/http/ingressroute.md) provided by the Chart, as we defined in the helm values during installation. 
 Access it at:
 [http://dashboard.localhost/dashboard/](http://dashboard.localhost/dashboard/)
 ![Traefik Dashboard Screenshot](../assets/img/getting-started/traefik-dashboard.png)
 ## Deploy a Sample Application
 Create a deployment:
 ```yaml
 # whoami.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: whoami
 spec:
  replicas: 2
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - containerPort: 80
 ```
 Create a service:
 ```yaml
 # whoami-service.yaml
 apiVersion: v1
 kind: Service
 metadata:
  name: whoami
 spec:
  ports:
    - port: 80
  selector:
    app: whoami
 ```
 Apply the manifests:
 ```bash
 kubectl apply -f whoami.yaml
 kubectl apply -f whoami-service.yaml
 ```
 ## Exposing the Application Using an IngressRoute (CRD)
 Create an IngressRoute:
 ```yaml
 # whoami-ingressroute.yaml
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: whoami
 spec:
  entryPoints:
    - web
  routes:
    - match: Host(`whoami.localhost`)
      kind: Rule
      services:
        - name: whoami
          port: 80
 ```
 Apply the manifest:
 ```bash
 kubectl apply -f whoami-ingressroute.yaml
 ```
 ### Test Your Setup
 You can use the following curl command to verify that the application is correctly exposed:
 ```bash
 curl http://whoami.localhost
 Hostname: whoami-76c9859cfc-6v8hh
 IP: 127.0.0.1
 IP: ::1
 IP: 10.42.0.11
 IP: fe80::20ad:eeff:fe44:a63
 RemoteAddr: 10.42.0.9:38280
 GET / HTTP/1.1
 Host: whoami.localhost
 User-Agent: curl/8.7.1
 Accept: */*
 Accept-Encoding: gzip
 X-Forwarded-For: 127.0.0.1
 X-Forwarded-Host: whoami.localhost
 X-Forwarded-Port: 80
 X-Forwarded-Proto: http
 X-Forwarded-Server: traefik-598946cd7-zds59
 X-Real-Ip: 127.0.0.1
 ```
 You can also visit [http://whoami.localhost](http://whoami.localhost) in a browser to verify that the application is exposed correctly:
 ![whoami application Screenshot](../assets/img/getting-started/whoami-localhost.png)
 ## Exposing the Application Using the Gateway API
 Traefik supports the Kubernetes Gateway API specification, which provides a more standardized way to configure ingress in Kubernetes.
 When we installed Traefik earlier, we enabled the Gateway API provider. 
 You can verify this in the providers section of the Traefik dashboard.
 ![Providers Section Screenshot](../assets/img/getting-started/providers.png)
 To use the Gateway API:
 Install the Gateway API CRDs in your cluster:
 ```bash
 kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml
 ```
 Create an HTTPRoute. This configuration:
 - Creates an HTTPRoute named "whoami"
 - Attaches it to the default Gateway that Traefik created during installation
 - Configures routing for the hostname "whoami-gatewayapi.localhost"
 - Routes all traffic to the whoami service on port 80
 ```yaml
 # httproute.yaml
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: whoami
 spec:
  parentRefs:
    - name: traefik-gateway
  hostnames:
    - "whoami-gatewayapi.localhost"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: whoami
          port: 80
 ```
 Apply the manifest:
 ```bash
 kubectl apply -f httproute.yaml
 ```
 ### Test Your Setup
 You can use the following curl command to verify that the application is correctly exposed:
 ```bash
 curl http://whoami-gatewayapi.localhost
 Hostname: whoami-76c9859cfc-6v8hh
 IP: 127.0.0.1
 IP: ::1
 IP: 10.42.0.11
 IP: fe80::20ad:eeff:fe44:a63
 RemoteAddr: 10.42.0.9:38280
 GET / HTTP/1.1
 Host: whoami.localhost
 User-Agent: curl/8.7.1
 Accept: */*
 Accept-Encoding: gzip
 X-Forwarded-For: 127.0.0.1
 X-Forwarded-Host: whoami.localhost
 X-Forwarded-Port: 80
 X-Forwarded-Proto: http
 X-Forwarded-Server: traefik-598946cd7-zds59
 X-Real-Ip: 127.0.0.1
 ```
 You can now visit [http://whoami.localhost](http://whoami.localhost) in your browser to verify that the application is exposed correctly:
 ![whoami application Screenshot](../assets/img/getting-started/whoami-localhost.png)
 If you navigate to the **HTTP Routes** section of the traefik dashboard, you can see that the `whoami.localhost` route is managed by the Traefik Kubernetes Gateway API provider:
 ![Traefik Dashboard HTTP Routes Section Screenshot](../assets/img/getting-started/kubernetes-gateway.png)
 That's it! You've successfully deployed Traefik and configured routing in a Kubernetes cluster.
 ## Next Steps
 - [Configure TLS](../reference/routing-configuration/http/tls/overview.md)
 - [Set up Middlewares](../reference/routing-configuration/http/middlewares/overview.md)
 - [Enable Metrics](../reference/install-configuration/observability/metrics.md)
 - [Learn more about Kubernetes CRD provider](../reference/install-configuration/providers/kubernetes/kubernetes-crd.md)
 - [Learn more about Kubernetes Gateway API provider](../reference/install-configuration/providers/kubernetes/kubernetes-gateway.md)
 {!traefik-for-business-applications.md!}
--- a/docs/content/getting-started/quick-start-with-kubernetes.md
+++ b/docs/content/getting-started/quick-start-with-kubernetes.md
@@ -3,342 +3,4 @@ title: "Traefik Getting Started With Kubernetes"
 description: "Get started with Traefik Proxy and Kubernetes."
 ---
-# Quick Start
+--8<-- "content/getting-started/kubernetes.md"
 A Use Case of Traefik Proxy and Kubernetes
 {: .subtitle }
 This guide is an introduction to using Traefik Proxy in a Kubernetes environment.  
 The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.  
 It presents and explains the basic blocks required to start with Traefik such as Ingress Controller, Ingresses, Deployments, static, and dynamic configuration.
 ## Permissions and Accesses
 Traefik uses the Kubernetes API to discover running services.
 To use the Kubernetes API, Traefik needs some permissions.
 This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.  
 The role is then bound to an account used by an application, in this case, Traefik Proxy.
 The first step is to create the role.
 The [`ClusterRole`](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1/#ClusterRole) resource enumerates the resources and actions available for the role.
 In a file called `00-role.yml`, put the following `ClusterRole`:
 ```yaml tab="00-role.yml"
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: traefik-role
 rules:
  - apiGroups:
      - ""
    resources:
      - services
      - secrets
      - nodes
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.io
    resources:
      - middlewares
      - middlewaretcps
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
      - serverstransporttcps
    verbs:
      - get
      - list
      - watch
 ```
 !!! info "You can find the reference for this file [there](../../reference/dynamic-configuration/kubernetes-crd/#rbac)."
 The next step is to create a dedicated service account for Traefik.
 In a file called `00-account.yml`, put the following [`ServiceAccount`](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/service-account-v1/#ServiceAccount) resource:
 ```yaml tab="00-account.yml"
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: traefik-account
 ```
 And then, bind the role on the account to apply the permissions and rules on the latter. In a file called `01-role-binding.yml`, put the
 following [`ClusterRoleBinding`](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1/#ClusterRoleBinding) resource:
 ```yaml tab="01-role-binding.yml"
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: traefik-role-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-role
 subjects:
  - kind: ServiceAccount
    name: traefik-account
    namespace: default # This tutorial uses the "default" K8s namespace.
 ```
 !!! info "`roleRef` is the Kubernetes reference to the role created in `00-role.yml`."
 !!! info "`subjects` is the list of accounts reference."
    In this guide, it only contains the account created in `00-account.yml`
 ## Deployment and Exposition
 !!! info "This section can be managed with the help of the [Traefik Helm chart](../install-traefik/#use-the-helm-chart)."
 The [ingress controller](https://traefik.io/glossary/kubernetes-ingress-and-ingress-controller-101/#what-is-a-kubernetes-ingress-controller)
 is a software that runs in the same way as any other application on a cluster.  
 To start Traefik on the Kubernetes cluster,
 a [`Deployment`](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/) resource must exist to describe how to configure
 and scale containers horizontally to support larger workloads.
 Start by creating a file called `02-traefik.yml` and paste the following `Deployment` resource:
 ```yaml tab="02-traefik.yml"
 kind: Deployment
 apiVersion: apps/v1
 metadata:
  name: traefik-deployment
  labels:
    app: traefik
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-account
      containers:
        - name: traefik
          image: traefik:v3.4
          args:
            - --api.insecure
            - --providers.kubernetesingress
          ports:
            - name: web
              containerPort: 80
            - name: dashboard
              containerPort: 8080
 ```
 The deployment contains an important attribute for customizing Traefik: `args`.  
 These arguments are the static configuration for Traefik.  
 From here, it is possible to enable the dashboard,
 configure entry points,
 select dynamic configuration providers,
 and [more](../reference/static-configuration/cli.md).
 In this deployment,
 the static configuration enables the Traefik dashboard,
 and uses Kubernetes native Ingress resources as router definitions to route incoming requests.
 !!! info "When there is no entry point in the static configuration"
    Traefik creates a default one called `web` using the port `80` routing HTTP requests.
 !!! info "When enabling the [`api.insecure`](../../operations/api/#insecure) mode, Traefik exposes the dashboard on the port `8080`."
 A deployment manages scaling and then can create lots of containers, called [Pods](https://kubernetes.io/docs/concepts/workloads/pods/).
 Each Pod is configured following the `spec` field in the deployment.  
 Given that, a Deployment can run multiple Traefik Proxy Pods,
 a piece is required to forward the traffic to any of the instance:
 namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).  
 Create a file called `02-traefik-services.yml` and insert the two `Service` resources:
 ```yaml tab="02-traefik-services.yml"
 apiVersion: v1
 kind: Service
 metadata:
  name: traefik-dashboard-service
 spec:
  type: LoadBalancer
  ports:
    - port: 8080
      targetPort: dashboard
  selector:
    app: traefik
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: traefik-web-service
 spec:
  type: LoadBalancer
  ports:
    - targetPort: web
      port: 80
  selector:
    app: traefik
 ```
 !!! warning "It is possible to expose a service in different ways."
    Depending on your working environment and use case, the `spec.type` might change.  
    It is strongly recommended to understand the available [service types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) before proceeding to the next step.
 It is now time to apply those files on your cluster to start Traefik.
 ```shell
 kubectl apply -f 00-role.yml \
              -f 00-account.yml \
              -f 01-role-binding.yml \
              -f 02-traefik.yml \
              -f 02-traefik-services.yml
 ```
 ## Proxying applications
 The only part still missing is the business application behind the reverse proxy.  
 For this guide, we use the example application [traefik/whoami](https://github.com/traefik/whoami),
 but the principles are applicable to any other application.
 The `whoami` application is an HTTP server running on port 80 which answers host-related information to the incoming requests.  
 As usual, start by creating a file called `03-whoami.yml` and paste the following `Deployment` resource:
 ```yaml tab="03-whoami.yml"
 kind: Deployment
 apiVersion: apps/v1
 metadata:
  name: whoami
  labels:
    app: whoami
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - name: web
              containerPort: 80
 ```
 And continue by creating the following `Service` resource in a file called `03-whoami-services.yml`:
 ```yaml tab="03-whoami-services.yml"
 apiVersion: v1
 kind: Service
 metadata:
  name: whoami
 spec:
  ports:
    - name: web
      port: 80
      targetPort: web
  selector:
    app: whoami
 ```
 Thanks to the Kubernetes API,
 Traefik is notified when an Ingress resource is created, updated, or deleted.  
 This makes the process dynamic.  
 The ingresses are, in a way, the [dynamic configuration](../../providers/kubernetes-ingress/) for Traefik.
 !!! tip
    Find more information on [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/),
    and [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) in the official Kubernetes documentation.
 Create a file called `04-whoami-ingress.yml` and insert the `Ingress` resource:
 ```yaml tab="04-whoami-ingress.yml"
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: whoami-ingress
 spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: whoami
            port:
              name: web
 ```
 This `Ingress` configures Traefik to redirect any incoming requests starting with `/` to the `whoami:80` service.
 At this point, all the configurations are ready.
 It is time to apply those new files:
 ```shell
 kubectl apply -f 03-whoami.yml \
              -f 03-whoami-services.yml \
              -f 04-whoami-ingress.yml
 ```
 Now you should be able to access the `whoami` application and the Traefik dashboard.
 Load the dashboard on a web browser: [`http://localhost:8080`](http://localhost:8080).
 And now access the `whoami` application:
 ```shell
 curl -v http://localhost/
 ```
 !!! question "Going further"
    - [Filter the ingresses](../providers/kubernetes-ingress.md#ingressclass) to use with [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)
    - Use [IngressRoute CRD](../providers/kubernetes-crd.md)
    - Protect [ingresses with TLS](../routing/providers/kubernetes-ingress.md#enabling-tls-via-annotations)
 {!traefik-for-business-applications.md!}
--- a/docs/content/getting-started/quick-start.md
+++ b/docs/content/getting-started/quick-start.md
@@ -3,118 +3,4 @@ title: "Traefik Getting Started Quickly"
 description: "Get started with Traefik Proxy and Docker."
 ---
-# Quick Start
+--8<-- "content/getting-started/docker.md"
 A Use Case Using Docker
 {: .subtitle }
 ![quickstart-diagram](../assets/img/quickstart-diagram.png)
 ## Launch Traefik With the Docker Provider
 Create a `docker-compose.yml` file where you will define a `reverse-proxy` service that uses the official Traefik image:
 ```yaml
 services:
  reverse-proxy:
    # The official v3 Traefik docker image
    image: traefik:v3.4
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
 ```
 **That's it. Now you can launch Traefik!**
 Start your `reverse-proxy` with the following command:
 ```shell
 docker compose up -d reverse-proxy
 ```
 You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (you'll go back there once you have launched a service in step 2).
 ## Traefik Detects New Services and Creates the Route for You
 Now that you have a Traefik instance up and running, you will deploy new services.
 Edit your `docker-compose.yml` file and add the following at the end of your file.
 ```yaml
 services:
  ...
  whoami:
    # A container that exposes an API to show its IP address
    image: traefik/whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
 ```
 The above defines `whoami`: a web service that outputs information about the machine it is deployed on (its IP address, host, and others).
 Start the `whoami` service with the following command:
 ```shell
 docker compose up -d whoami
 ```
 Browse `http://localhost:8080/api/rawdata` and see that Traefik has automatically detected the new container and updated its own configuration.
 When Traefik detects new services, it creates the corresponding routes, so you can call them ... _let's see!_  (Here, you're using curl)
 ```shell
 curl -H Host:whoami.docker.localhost http://127.0.0.1
 ```
 _Shows the following output:_
 ```yaml
 Hostname: a656c8ddca6c
 IP: 172.27.0.3
 #...
 ```
 ## More Instances? Traefik Load Balances Them
 Run more instances of your `whoami` service with the following command:
 ```shell
 docker compose up -d --scale whoami=2
 ```
 Browse to `http://localhost:8080/api/rawdata` and see that Traefik has automatically detected the new instance of the container.
 Finally, see that Traefik load-balances between the two instances of your service by running the following command twice:
 ```shell
 curl -H Host:whoami.docker.localhost http://127.0.0.1
 ```
 The output will show alternatively one of the following:
 ```yaml
 Hostname: a656c8ddca6c
 IP: 172.27.0.3
 #...
 ```
 ```yaml
 Hostname: s458f154e1f1
 IP: 172.27.0.4
 # ...
 ```
 !!! question "Where to Go Next?"
    Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the user guides](../../user-guides/docker-compose/basic-example/ "Link to the user guides") and [the documentation](/ "Link to the docs landing page") and let Traefik work for you!
 {!traefik-for-business-applications.md!}
--- a/docs/content/middlewares/http/circuitbreaker.md
+++ b/docs/content/middlewares/http/circuitbreaker.md
@@ -160,8 +160,8 @@ Here is the list of supported operators:
 ### Fallback mechanism
-The fallback mechanism returns a `HTTP 503 Service Unavailable` to the client instead of calling the target service.
+By default the fallback mechanism returns a `HTTP 503 Service Unavailable` to the client instead of calling the target service.
-This behavior cannot be configured.
+The response code can be configured.
 ### `CheckPeriod`
--- a/docs/content/observe/logs-and-access-logs.md
+++ b/docs/content/observe/logs-and-access-logs.md
@@ -0,0 +1,179 @@
 ---
 title: "Logs and Access Logs"
 description: "Logs and Access Logs in Traefik Proxy provide real-time insight into the health of your system. They enable swift error detection and intervention through alerts. By centralizing logs, you can streamline the debugging process during incident resolution."
 ---
 ## Logs
 Logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
 ### Configuration Example
 To enable and configure logs in Traefik Proxy, you can use the static configuration file or Helm values if you are using the [Helm chart](https://github.com/traefik/traefik-helm-chart).
 ```yaml tab="Structured (YAML)"
 log:
  filePath: "/path/to/log-file.log"
  format: json
  level: INFO
 ```
 ```toml tab="Structured (TOML)"
 [log]
  filePath = "/path/to/log-file.log"
  format = "json"
  level = "INFO"
 ```
 ```yaml tab="Helm Chart Values"
 logs:
  general:
    filePath: "/path/to/log-file.log"
    format: json
    level: INFO
 ```
 ## Access Logs
 Access logs concern everything that happens to the requests handled by Traefik.
 ### Configuration Example
 To enable and configure access logs in Traefik Proxy, you can use the static configuration file or Helm values if you are using the [Helm chart](https://github.com/traefik/traefik-helm-chart).
 The following example enables access logs in JSON format, filters them to only include specific status codes, and customizes the fields that are kept or dropped.
 ```yaml tab="Structured (YAML)"
 accessLog:
  format: json
  filters:
    statusCodes:
      - "200"
      - "400-404"
      - "500-503"
  fields:
    names:
      ClientUsername: drop
    headers:
      defaultMode: keep
      names:
        User-Agent: redact
        Content-Type: keep
 ```
 ```toml tab="Structured (TOML)"
 [accessLog]
  format = "json"
  [accessLog.filters]
    statusCodes = ["200", "400-404", "500-503"]
  [accessLog.fields]
    [accessLog.fields.names]
      ClientUsername = "drop"
    [accessLog.fields.headers]
      defaultMode = "keep"
      [accessLog.fields.headers.names]
        "User-Agent" = "redact"
        "Content-Type" = "keep"
 ```
 ```yaml tab="Helm Chart Values"
 # values.yaml
 logs:
  access:
    enabled: true
    format: json
    filters:
      statusCodes:
        - "200"
        - "400-404"
        - "500-503"
    fields:
      names:
        ClientUsername: drop
      headers:
        defaultMode: keep
        names:
          User-Agent: redact
          Content-Type: keep
 ```
 ## Per-Router Access Logs
 You can enable or disable access logs for a specific router. This is useful for turning off logging for noisy routes while keeping it on globally.
 Here's an example of disabling access logs on a specific router:
 ```yaml tab="Structured (YAML)"
 http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      observability:
        accessLogs: false
 ```
 ```toml tab="Structured (TOML)"
 [http.routers.my-router.observability]
  accessLogs = false
 ```
 ```yaml tab="Kubernetes"
 # ingressroute.yaml
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: my-router
 spec:
  routes:
    - kind: Rule
      match: Host(`example.com`)
      services:
        - name: my-service
          port: 80
      observability:
        accessLogs: false
 ```
 ```bash tab="Labels"
 labels:
  - "traefik.http.routers.my-router.observability.accesslogs=false"
 ```
 ```json tab="Tags"
 {
  // ...
  "Tags": [
    "traefik.http.routers.my-router.observability.accesslogs=false"
  ]
 }
 ```
 When the `observability` options are not defined on a router, it inherits the behavior from the [entrypoint's observability configuration](./overview.md), or the global one.
 ## Log Formats
 Traefik Proxy supports the following log formats:
 - Common Log Format (CLF)
 - JSON
 ## Access Log Filters
 You can configure Traefik Proxy to only record access logs for requests that match certain criteria. This is useful for reducing the volume of logs and focusing on specific events.
 The available filters are:
 - **Status Codes:** Keep logs only for requests with specific HTTP status codes or ranges (e.g., `200`, `400-404`).
 - **Retry Attempts:** Keep logs only when a request retry has occurred.
 - **Minimum Duration:** Keep logs only for requests that take longer than a specified duration.
 ## Log Fields Customization
 When using the `json` format, you can customize which fields are included in your access logs.
 - **Request Fields:** You can choose to `keep`, `drop`, or `redact` any of the standard request fields. A complete list of available fields like `ClientHost`, `RequestMethod`, and `Duration` can be found in the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md#available-fields).
 - **Request Headers:** You can also specify which request headers should be included in the logs, and whether their values should be `kept`, `dropped`, or `redacted`.
 !!! info
    For detailed configuration options, refer to the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md).
--- a/docs/content/observe/metrics.md
+++ b/docs/content/observe/metrics.md
@@ -0,0 +1,104 @@
 ---
 title: "Metrics"
 description: "Metrics in Traefik Proxy offer a comprehensive view of your infrastructure's health. They allow you to monitor critical indicators like incoming traffic volume. Metrics graphs and visualizations are helpful during incident triage in understanding the causes and implementing proactive measures."
 ---
 # Metrics
 Metrics in Traefik Proxy offer a comprehensive view of your infrastructure's health. They allow you to monitor critical indicators like incoming traffic volume. Metrics graphs and visualizations are helpful during incident triage in understanding the causes and implementing proactive measures.
 ## Available Metrics Providers
 Traefik Proxy supports the following metrics providers:
 - OpenTelemetry
 - Prometheus
 - Datadog
 - InfluxDB 2.X
 - StatsD
 ## Configuration
 To enable metrics in Traefik Proxy, you need to configure the metrics provider in your static configuration file or helm values if you are using the [Helm chart](https://github.com/traefik/traefik-helm-chart). The following example shows how to configure the OpenTelemetry provider to send metrics to a collector.
 ```yaml tab="Structured (YAML)"
 metrics:
  otlp:
    http:
      endpoint: http://myotlpcollector:4318/v1/metrics
 ```
 ```toml tab="Structured (TOML)"
 [metrics.otlp.http]
  endpoint = "http://myotlpcollector:4318/v1/metrics"
 ```
 ```yaml tab="Helm Chart Values"
 # values.yaml
 metrics:
  # Disable Prometheus (enabled by default)
  prometheus: null
  # Enable providing OTel metrics
  otlp:
    enabled: true
    http:
      enabled: true
      endpoint: http://myotlpcollector:4318/v1/metrics
 ```
 ## Per-Router Metrics
 You can enable or disable metrics collection for a specific router. This can be useful for excluding certain routes from your metrics data.
 Here's an example of disabling metrics on a specific router:
 ```yaml tab="Structured (YAML)"
 http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      observability:
        metrics: false
 ```
 ```toml tab="Structured (TOML)"
 [http.routers.my-router.observability]
  metrics = false
 ```
 ```yaml tab="Kubernetes"
 # ingressroute.yaml
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: my-router
 spec:
  routes:
    - kind: Rule
      match: Host(`example.com`)
      services:
        - name: my-service
          port: 80
      observability:
        metrics: false
 ```
 ```bash tab="Labels"
 labels:
  - "traefik.http.routers.my-router.observability.metrics=false"
 ```
 ```json tab="Tags"
 {
  // ...
  "Tags": [
    "traefik.http.routers.my-router.observability.metrics=false"
  ]
 }
 ```
 When the `observability` options are not defined on a router, it inherits the behavior from the [entrypoint's observability configuration](./overview.md), or the global one.
 !!! info
    For detailed configuration options, refer to the [reference documentation](../reference/install-configuration/observability/metrics.md).
--- a/docs/content/observe/overview.md
+++ b/docs/content/observe/overview.md
@@ -0,0 +1,80 @@
 ---
 title: "Observability Overview"
 description: "Traefik Proxy provides comprehensive monitoring and observability capabilities to maintain reliability and efficiency."
 ---
 # Observability Overview
 Traefik Proxy provides comprehensive monitoring and observability capabilities to maintain reliability and efficiency:
 - [Logs and Access Logs](./logs-and-access-logs.md) provide real-time insight into the health of your system. They enable swift error detection and intervention through alerts. By centralizing logs, you can streamline the debugging process during incident resolution.
 - [Metrics](./metrics.md) offer a comprehensive view of your infrastructure's health. They allow you to monitor critical indicators like incoming traffic volume. Metrics graphs and visualizations are helpful during incident triage in understanding the causes and implementing proactive measures.
 - [Tracing](./tracing.md) enables tracking the flow of operations within your system. Using traces and spans, you can identify performance bottlenecks and pinpoint applications causing slowdowns to optimize response times effectively.
 ## Configuration Example
 You can enable access logs, metrics, and tracing globally:
 ```yaml tab="Structured (YAML)"
 accessLog: {}
 metrics:
  otlp: {}
 tracing: {}
 ```
 ```toml tab="Structured (TOML)"
 [accessLog]
 [metrics.otlp]
 [tracing.otlp]
 ```
 ```yaml tab="Helm Chart Values"
 # values.yaml
 accessLog:
  enabled: true
 metrics:
  otlp:
    enabled: true
 tracing:
  otlp:
    enabled: true
 ```
 You can disable access logs, metrics, and tracing for a specific [entrypoint](../reference/install-configuration/entrypoints.md):
 ```yaml tab="Structured (YAML)"
 entryPoints:
  EntryPoint0:
    address: ':8000/udp'
    observability:
      accessLogs: false
      tracing: false
      metrics: false
 ```
 ```toml tab="Structured (TOML)"
 [entryPoints.EntryPoint0.observability]
  accessLogs = false
  tracing = false
  metrics = false
 ```
 ```yaml tab="Helm Chart Values"
 additionalArguments:
  - "--entrypoints.entrypoint0.observability.accesslogs=false"
  - "--entrypoints.entrypoint0.observability.tracing=false"
  - "--entrypoints.entrypoint0.observability.metrics=false"
 ```
 !!! note
    A router with its own observability configuration will override the global default.
 {!traefik-for-business-applications.md!}
--- a/docs/content/observe/tracing.md
+++ b/docs/content/observe/tracing.md
@@ -0,0 +1,93 @@
 ---
 title: "Tracing"
 description: "Tracing in Traefik Proxy allows you to track the flow of operations within your system. Using traces and spans, you can identify performance bottlenecks and pinpoint applications causing slowdowns to optimize response times effectively."
 ---
 # Tracing
 Tracing in Traefik Proxy allows you to track the flow of operations within your system. Using traces and spans, you can identify performance bottlenecks and pinpoint applications causing slowdowns to optimize response times effectively.
 Traefik Proxy uses [OpenTelemetry](https://opentelemetry.io/) to export traces. OpenTelemetry is an open-source observability framework. You can send traces to an OpenTelemetry collector, which can then export them to a variety of backends like Jaeger, Zipkin, or Datadog.
 ## Configuration
 To enable tracing in Traefik Proxy, you need to configure it in your static configuration file or Helm values if you are using the [Helm chart](https://github.com/traefik/traefik-helm-chart). The following example shows how to configure the OpenTelemetry provider to send traces to a collector via HTTP.
 ```yaml tab="Structured (YAML)"
 tracing:
  otlp:
    http:
      endpoint: http://myotlpcollector:4318/v1/traces
 ```
 ```toml tab="Structured (TOML)"
 [tracing.otlp.http]
  endpoint = "http://myotlpcollector:4318/v1/traces"
 ```
 ```yaml tab="Helm Chart Values"
 # values.yaml
 tracing:
  otlp:
    enabled: true
    http:
      enabled: true
      endpoint: http://myotlpcollector:4318/v1/traces
 ```
 !!! info
    For detailed configuration options, refer to the [tracing reference documentation](../reference/install-configuration/observability/tracing.md).
 ## Per-Router Tracing
 You can enable or disable tracing for a specific router. This is useful for turning off tracing for specific routes while keeping it on globally.
 Here's an example of disabling tracing on a specific router:
 ```yaml tab="Structured (YAML)"
 http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      observability:
        tracing: false
 ```
 ```toml tab="Structured (TOML)"
 [http.routers.my-router.observability]
  tracing = false
 ```
 ```yaml tab="Kubernetes"
 # ingressoute.yaml
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: my-router
 spec:
  routes:
    - kind: Rule
      match: Host(`example.com`)
      services:
        - name: my-service
          port: 80
      observability:
        tracing: false
 ```
 ```yaml tab="Labels"
 labels:
  - "traefik.http.routers.my-router.observability.tracing=false"
 ```
 ```json tab="Tags"
 {
  // ...
  "Tags": [
    "traefik.http.routers.my-router.observability.tracing=false"
  ]
 }
 ```
 When the `observability` options are not defined on a router, it inherits the behavior from the [entrypoint's observability configuration](./overview.md), or the global one.
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
@@ -1949,7 +1949,7 @@ spec:
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
-                      (301).
+                      (308).
                    type: boolean
                  regex:
                    description: Regex defines the regex used to match and capture
@@ -1968,7 +1968,7 @@ spec:
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
-                      (301).
+                      (308).
                    type: boolean
                  port:
                    description: Port defines the port of the new URL.
--- a/docs/content/reference/dynamic-configuration/kv-ref.md
+++ b/docs/content/reference/dynamic-configuration/kv-ref.md
@@ -2,6 +2,9 @@
 CODE GENERATED AUTOMATICALLY
 THIS FILE MUST NOT BE EDITED BY HAND
 -->
 | Key (Path) | Value |
 |------------|-------|
 | `traefik/http/middlewares/Middleware01/addPrefix/prefix` | `foobar` |
 | `traefik/http/middlewares/Middleware02/basicAuth/headerField` | `foobar` |
 | `traefik/http/middlewares/Middleware02/basicAuth/realm` | `foobar` |
--- a/docs/content/reference/dynamic-configuration/kv.md
+++ b/docs/content/reference/dynamic-configuration/kv.md
@@ -8,6 +8,4 @@ description: "Read the technical documentation to learn the Traefik Dynamic Conf
 Dynamic configuration with KV stores.
 {: .subtitle }
 | Key (Path)                                                                                   | Value       |
 |----------------------------------------------------------------------------------------------|-------------|
 --8<-- "content/reference/dynamic-configuration/kv-ref.md"
--- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
@@ -1172,7 +1172,7 @@ spec:
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
-                      (301).
+                      (308).
                    type: boolean
                  regex:
                    description: Regex defines the regex used to match and capture
@@ -1191,7 +1191,7 @@ spec:
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
-                      (301).
+                      (308).
                    type: boolean
                  port:
                    description: Port defines the port of the new URL.
--- a/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress.md
+++ b/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress.md
@@ -8,6 +8,11 @@ description: "Understand the requirements, routing configuration, and how to set
 The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; i.e,
 it manages access to cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
 ??? warning "Ingress Backend Resource not supported"
    Referencing backend service endpoints using [`spec.rules.http.paths.backend.resource`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/#IngressBackend) is not supported.
    Use `spec.rules.http.paths.backend.service` instead.
 ## Configuration Example
 You can enable the `kubernetesIngress` provider as detailed below:
--- a/docs/content/reference/routing-configuration/http/load-balancing/service.md
+++ b/docs/content/reference/routing-configuration/http/load-balancing/service.md
@@ -265,6 +265,10 @@ http:
 The mirroring is able to mirror requests sent to a service to other services. Please note that by default the whole request is buffered in memory while it is being mirrored. See the `maxBodySize` option in the example below for how to modify this behaviour. You can also omit the request body by setting the `mirrorBody` option to false.
 !!! warning "Default behavior of `percent`"
    When configuring a `mirror` service, if the `percent` field is not set, it defaults to `0`, meaning **no traffic will be sent to the mirror**.
 !!! info "Supported Providers"
    This strategy can be defined currently with the [File](../../../install-configuration/providers/others/file.md) or [IngressRoute](../../../install-configuration/providers/kubernetes/kubernetes-ingress.md) providers.
@@ -285,6 +289,8 @@ http:
        maxBodySize: 1024
        mirrors:
        - name: appv2
          # Percent defines the percentage of requests that should be mirrored.
          # Default value is 0, which means no traffic will be sent to the mirror.
          percent: 10
    appv1:
--- a/docs/content/reference/routing-configuration/http/middlewares/circuitbreaker.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/circuitbreaker.md
@@ -113,8 +113,8 @@ Here is the list of supported operators:
 ### Fallback mechanism
-The fallback mechanism returns a `HTTP 503 Service Unavailable` to the client instead of calling the target service.  
+By default the fallback mechanism returns a `HTTP 503 Service Unavailable` to the client instead of calling the target service.  
-This behavior cannot be configured.
+The response code can be configured.
 ## State
--- a/docs/content/routing/services/index.md
+++ b/docs/content/routing/services/index.md
@@ -1260,6 +1260,10 @@ Please note that by default the whole request is buffered in memory while it is
 See the maxBodySize option in the example below for how to modify this behaviour.
 You can also omit the request body by setting the mirrorBody option to `false`.
 !!! warning "Default behavior of `percent`"
    When configuring a `mirror` service, if the `percent` field is not set, it defaults to `0`, meaning **no traffic will be sent to the mirror**.
 !!! info "Supported Providers"
    This strategy can be defined currently with the [File](../../providers/file.md) or [IngressRoute](../../providers/kubernetes-crd.md) providers.
@@ -1280,6 +1284,8 @@ http:
        maxBodySize: 1024
        mirrors:
        - name: appv2
          # Percent defines the percentage of requests that should be mirrored.
          # Default value is 0, which means no traffic will be sent to the mirror.
          percent: 10
    appv1:
--- a/docs/docs.Dockerfile
+++ b/docs/docs.Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.21
+FROM alpine:3.22
 ENV PATH="${PATH}:/venv/bin"
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -66,13 +66,17 @@ markdown_extensions:
 nav:
  - 'What is Traefik': 'index.md'
  - 'Getting Started':
-      - 'Concepts' : 'getting-started/concepts.md'
+      - 'Overview': 'getting-started/index.md'
      - 'Quick Start':
-          - 'Docker': 'getting-started/quick-start.md'
+        - 'Kubernetes': 'getting-started/kubernetes.md'
-          - 'Kubernetes': 'getting-started/quick-start-with-kubernetes.md'
+        - 'Docker': 'getting-started/docker.md'
      - 'Configuration Introduction': 'getting-started/configuration-overview.md'
      - 'Install Traefik': 'getting-started/install-traefik.md'
      - 'Frequently Asked Questions': 'getting-started/faq.md'
  - 'Observe':
      - 'Overview': 'observe/overview.md'
      - 'Logs & Access Logs': 'observe/logs-and-access-logs.md'
      - 'Metrics': 'observe/metrics.md'
      - 'Tracing': 'observe/tracing.md'
  - 'Configuration Discovery':
      - 'Overview': 'providers/overview.md'
      - 'Docker': 'providers/docker.md'
--- a/integration/fixtures/k8s/01-traefik-crd.yml
+++ b/integration/fixtures/k8s/01-traefik-crd.yml
@@ -1949,7 +1949,7 @@ spec:
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
-                      (301).
+                      (308).
                    type: boolean
                  regex:
                    description: Regex defines the regex used to match and capture
@@ -1968,7 +1968,7 @@ spec:
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
-                      (301).
+                      (308).
                    type: boolean
                  port:
                    description: Port defines the port of the new URL.
--- a/internal/gendoc.go
+++ b/internal/gendoc.go
@@ -338,6 +338,11 @@ func genKVDynConfDoc(outputFile string) {
 CODE GENERATED AUTOMATICALLY
 THIS FILE MUST NOT BE EDITED BY HAND
 -->
 `)
 	_, _ = fmt.Fprintf(file, `
 | Key (Path) | Value |
 |------------|-------|
 `)
 	for _, k := range keys {
--- a/pkg/config/dynamic/middlewares.go
+++ b/pkg/config/dynamic/middlewares.go
@@ -641,7 +641,7 @@ type RedirectRegex struct {
 	Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
 	// Replacement defines how to modify the URL to have the new target URL.
 	Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty"`
-	// Permanent defines whether the redirection is permanent (301).
+	// Permanent defines whether the redirection is permanent (308).
 	Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
 }
@@ -655,7 +655,7 @@ type RedirectScheme struct {
 	Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
 	// Port defines the port of the new URL.
 	Port string `json:"port,omitempty" toml:"port,omitempty" yaml:"port,omitempty" export:"true"`
-	// Permanent defines whether the redirection is permanent (301).
+	// Permanent defines whether the redirection is permanent (308).
 	Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
 }
--- a/pkg/provider/kv/redis/redis.go
+++ b/pkg/provider/kv/redis/redis.go
@@ -21,14 +21,14 @@ type Provider struct {
 	Username string           `description:"Username for authentication." json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" loggable:"false"`
 	Password string           `description:"Password for authentication." json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" loggable:"false"`
 	DB       int              `description:"Database to be selected after connecting to the server." json:"db,omitempty" toml:"db,omitempty" yaml:"db,omitempty"`
-	Sentinel *Sentinel        `description:"Enable Sentinel support." json:"sentinel,omitempty" toml:"sentinel,omitempty" yaml:"sentinel,omitempty"`
+	Sentinel *Sentinel        `description:"Enable Sentinel support." json:"sentinel,omitempty" toml:"sentinel,omitempty" yaml:"sentinel,omitempty" export:"true"`
 }
 // Sentinel holds the Redis Sentinel configuration.
 type Sentinel struct {
 	MasterName string `description:"Name of the master." json:"masterName,omitempty" toml:"masterName,omitempty" yaml:"masterName,omitempty" export:"true"`
-	Username   string `description:"Username for Sentinel authentication." json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" export:"true"`
+	Username   string `description:"Username for Sentinel authentication." json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" loggable:"false"`
-	Password   string `description:"Password for Sentinel authentication." json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" export:"true"`
+	Password   string `description:"Password for Sentinel authentication." json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" loggable:"false"`
 	LatencyStrategy bool `description:"Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy)." json:"latencyStrategy,omitempty" toml:"latencyStrategy,omitempty" yaml:"latencyStrategy,omitempty" export:"true"`
 	RandomStrategy  bool `description:"Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy)." json:"randomStrategy,omitempty" toml:"randomStrategy,omitempty" yaml:"randomStrategy,omitempty" export:"true"`
`@@ -1,4 +1,4 @@`
	`FROM alpine:3.21`	`FROM alpine:3.22`

	`ENV PATH="${PATH}:/venv/bin"`	`ENV PATH="${PATH}:/venv/bin"`