Prepare release v2.1.5

fix: YML example of template for the file provider.
Allow fsnotify to reload config files on k8s (or symlinks)
2025-09-08 13:44:22 +03:00 · 2020-02-28 18:02:05 +01:00 · 2020-02-28 14:52:05 +01:00 · 2020-02-26 17:50:07 +01:00 · 2020-02-26 16:38:05 +01:00 · 2020-02-26 11:10:06 +01:00
208 changed files with 4190 additions and 1714 deletions
--- a/.golangci.toml
+++ b/.golangci.toml
@@ -47,6 +47,7 @@
    "gocognit",
    "bodyclose", # Too many false-positive and panics.
    "wsl", # Too strict
+    "gomnd", # Too strict
    "stylecheck", # skip because report issues related to some generated files.
  ]

@@ -92,6 +93,15 @@
 [[issues.exclude-rules]]
    path = "cmd/configuration.go"
    text = "string `traefik` has (\\d) occurrences, make it a constant"
+ [[issues.exclude-rules]]
+    path = "pkg/server/middleware/middlewares.go"
+    text = "Function 'buildConstructor' is too long \\(\\d+ > 230\\)"
 [[issues.exclude-rules]] # FIXME must be fixed
    path = "cmd/context.go"
    text = "S1000: should use a simple channel send/receive instead of `select` with a single case"
+ [[issues.exclude-rules]]
+    path = "pkg/tracing/haystack/logger.go"
+    linters = ["goprintffuncname"]
+ [[issues.exclude-rules]]
+    path = "pkg/tracing/tracing.go"
+    text = "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,95 @@
+## [v2.1.5](https://github.com/containous/traefik/tree/v2.1.5) (2020-02-28)
+[All Commits](https://github.com/containous/traefik/compare/v2.1.4...v2.1.5)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v3.4.0 ([#6376](https://github.com/containous/traefik/pull/6376) by [ldez](https://github.com/ldez))
+- **[api]** Return an error when ping is not enabled. ([#6304](https://github.com/containous/traefik/pull/6304) by [ldez](https://github.com/ldez))
+- **[consulcatalog]** Early filter of the catalog services. ([#6307](https://github.com/containous/traefik/pull/6307) by [ldez](https://github.com/ldez))
+- **[consulcatalog]** fix: consul-catalog uses port from label instead of item port. ([#6345](https://github.com/containous/traefik/pull/6345) by [ldez](https://github.com/ldez))
+- **[file]** fix: YML example of template for the file provider. ([#6402](https://github.com/containous/traefik/pull/6402) by [ldez](https://github.com/ldez))
+- **[file]** Allow fsnotify to reload config files on k8s (or symlinks) ([#5037](https://github.com/containous/traefik/pull/5037) by [dtomcej](https://github.com/dtomcej))
+- **[healthcheck]** Launch healthcheck only one time instead of two ([#6372](https://github.com/containous/traefik/pull/6372) by [juliens](https://github.com/juliens))
+- **[k8s,k8s/crd,k8s/ingress]** Fix secret informer load ([#6364](https://github.com/containous/traefik/pull/6364) by [mmatur](https://github.com/mmatur))
+- **[k8s,k8s/crd]** Use consistent protocol determination ([#6365](https://github.com/containous/traefik/pull/6365) by [dtomcej](https://github.com/dtomcej))
+- **[k8s,k8s/crd]** fix: use the right error in the log ([#6311](https://github.com/containous/traefik/pull/6311) by [jbdoumenjou](https://github.com/jbdoumenjou))
+- **[provider]** Don&#39;t throw away valid configuration updates ([#5952](https://github.com/containous/traefik/pull/5952) by [zaphod42](https://github.com/zaphod42))
+- **[tls]** Consider SSLv2 as TLS in order to close the handshake correctly ([#6371](https://github.com/containous/traefik/pull/6371) by [juliens](https://github.com/juliens))
+- **[tracing]** Fix docs and code to match in haystack tracing. ([#6352](https://github.com/containous/traefik/pull/6352) by [evanlurvey](https://github.com/evanlurvey))
+
+**Documentation:**
+- **[acme]** Improve documentation. ([#6324](https://github.com/containous/traefik/pull/6324) by [ldez](https://github.com/ldez))
+- **[file]** Add information about filename and directory options. ([#6333](https://github.com/containous/traefik/pull/6333) by [ldez](https://github.com/ldez))
+- **[k8s,k8s/ingress]** Docs: Clarifying format of ingress endpoint service name ([#6306](https://github.com/containous/traefik/pull/6306) by [BretFisher](https://github.com/BretFisher))
+- **[k8s/crd]** fix: dashboard example with k8s CRD. ([#6330](https://github.com/containous/traefik/pull/6330) by [ldez](https://github.com/ldez))
+- **[middleware,k8s]** Fix formatting in &#34;Kubernetes Namespace&#34; block ([#6305](https://github.com/containous/traefik/pull/6305) by [berekuk](https://github.com/berekuk))
+- **[tls]** Remove TLS cipher suites for TLS minVersion 1.3 ([#6328](https://github.com/containous/traefik/pull/6328) by [rYR79435](https://github.com/rYR79435))
+- **[tls]** Fix typo in the godoc of TLS option MaxVersion ([#6347](https://github.com/containous/traefik/pull/6347) by [pschaub](https://github.com/pschaub))
+- Use explicitly the word Kubernetes in the migration guide. ([#6380](https://github.com/containous/traefik/pull/6380) by [ldez](https://github.com/ldez))
+- Minor readme improvements ([#6293](https://github.com/containous/traefik/pull/6293) by [Rowayda-Khayri](https://github.com/Rowayda-Khayri))
+- Added link to community forum ([#6283](https://github.com/containous/traefik/pull/6283) by [isaacnewtonfx](https://github.com/isaacnewtonfx))
+
+## [v2.1.4](https://github.com/containous/traefik/tree/v2.1.4) (2020-02-06)
+[All Commits](https://github.com/containous/traefik/compare/v2.1.3...v2.1.4)
+
+**Bug fixes:**
+- **[acme,logs]** Improvement of the certificates resolvers logs ([#6225](https://github.com/containous/traefik/pull/6225) by [ldez](https://github.com/ldez))
+- **[acme]** Fix kubernetes providers shutdown and clean safe.Pool ([#6244](https://github.com/containous/traefik/pull/6244) by [juliens](https://github.com/juliens))
+- **[authentication,middleware]** don&#39;t create http client for each request in forwardAuth middleware ([#6267](https://github.com/containous/traefik/pull/6267) by [juliens](https://github.com/juliens))
+- **[k8s,k8s/ingress]** Allow wildcard hosts in ingress provider ([#6251](https://github.com/containous/traefik/pull/6251) by [dtomcej](https://github.com/dtomcej))
+- **[logs,tls]** Properly purge default certificate from stores before logging ([#6281](https://github.com/containous/traefik/pull/6281) by [dtomcej](https://github.com/dtomcej))
+- **[middleware]** use provider-qualified name when recursing for chain ([#6233](https://github.com/containous/traefik/pull/6233) by [mpl](https://github.com/mpl))
+
+**Documentation:**
+- **[acme,cli]** Documentation fix for acme.md CLI ([#6262](https://github.com/containous/traefik/pull/6262) by [altano](https://github.com/altano))
+- **[acme,k8s/crd]** Add missing certResolver in IngressRoute examples. ([#6265](https://github.com/containous/traefik/pull/6265) by [ldez](https://github.com/ldez))
+- **[k8s]** fix a typo ([#6279](https://github.com/containous/traefik/pull/6279) by [silenceshell](https://github.com/silenceshell))
+- **[middleware]** Minor documentation tweaks. ([#6218](https://github.com/containous/traefik/pull/6218) by [stevegroom](https://github.com/stevegroom))
+- Correct a trivial spelling mistake in the documentation. ([#6269](https://github.com/containous/traefik/pull/6269) by [nepella](https://github.com/nepella))
+- Update install-traefik.md ([#6260](https://github.com/containous/traefik/pull/6260) by [bitfactory-sander-lissenburg](https://github.com/bitfactory-sander-lissenburg))
+- doc: use the same entry point name everywhere ([#6219](https://github.com/containous/traefik/pull/6219) by [ldez](https://github.com/ldez))
+- readme: update links to use HTTPS ([#6274](https://github.com/containous/traefik/pull/6274) by [imba-tjd](https://github.com/imba-tjd))
+
+## [v2.1.3](https://github.com/containous/traefik/tree/v2.1.3) (2020-01-21)
+[All Commits](https://github.com/containous/traefik/compare/v2.1.2...v2.1.3)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v3.3.0 ([#6192](https://github.com/containous/traefik/pull/6192) by [shilch](https://github.com/shilch))
+- **[docker]** Use the calculated port when useBindPortIP is enabled ([#6199](https://github.com/containous/traefik/pull/6199) by [juliens](https://github.com/juliens))
+- **[docker]** fix: invalid service definition. ([#6198](https://github.com/containous/traefik/pull/6198) by [ldez](https://github.com/ldez))
+- **[server]** Remove Content-Type auto-detection ([#6097](https://github.com/containous/traefik/pull/6097) by [juliens](https://github.com/juliens))
+- **[service]** fix memleak in safe.Pool ([#6140](https://github.com/containous/traefik/pull/6140) by [mpl](https://github.com/mpl))
+
+**Documentation:**
+- **[docker]** Fix typo in docker routing documentation ([#6147](https://github.com/containous/traefik/pull/6147) by [tvrg](https://github.com/tvrg))
+- **[k8s]** Fixed typo in k8s doc ([#6163](https://github.com/containous/traefik/pull/6163) by [MyIgel](https://github.com/MyIgel))
+- **[marathon]** Fix typo in Marathon doc. ([#6150](https://github.com/containous/traefik/pull/6150) by [thatshubham](https://github.com/thatshubham))
+- **[middleware]** Adding an explanation how to use `htpasswd` for k8s secret ([#6194](https://github.com/containous/traefik/pull/6194) by [jamct](https://github.com/jamct))
+- doc: adds an explanation of the global redirection pattern. ([#6195](https://github.com/containous/traefik/pull/6195) by [ldez](https://github.com/ldez))
+- Fix small typo in user-guides documentation ([#6154](https://github.com/containous/traefik/pull/6154) by [evert-arias](https://github.com/evert-arias))
+
+## [v2.1.2](https://github.com/containous/traefik/tree/v2.1.2) (2020-01-07)
+[All Commits](https://github.com/containous/traefik/compare/v2.1.1...v2.1.2)
+
+**Bug fixes:**
+- **[authentication,middleware,tracing]** fix(tracing): makes sure tracing headers are being propagated when using forwardAuth ([#6072](https://github.com/containous/traefik/pull/6072) by [jcchavezs](https://github.com/jcchavezs))
+- **[cli]** fix: invalid label/flag parsing. ([#6028](https://github.com/containous/traefik/pull/6028) by [ldez](https://github.com/ldez))
+- **[consulcatalog]** Query consul catalog for service health separately ([#6046](https://github.com/containous/traefik/pull/6046) by [SantoDE](https://github.com/SantoDE))
+- **[k8s,k8s/crd]** Restore ExternalName https support for Kubernetes CRD ([#6037](https://github.com/containous/traefik/pull/6037) by [kpeiruza](https://github.com/kpeiruza))
+- **[k8s,k8s/crd]** Log the ignored namespace only when needed ([#6087](https://github.com/containous/traefik/pull/6087) by [jbdoumenjou](https://github.com/jbdoumenjou))
+- **[k8s,k8s/ingress]** k8s Ingress: fix crash on rules with nil http ([#6121](https://github.com/containous/traefik/pull/6121) by [grimmy](https://github.com/grimmy))
+- **[logs]** Improves error message when a configuration file is empty. ([#6135](https://github.com/containous/traefik/pull/6135) by [ldez](https://github.com/ldez))
+- **[server]** Handle respondingTimeout and better shutdown tests. ([#6115](https://github.com/containous/traefik/pull/6115) by [juliens](https://github.com/juliens))
+- **[server]** Don&#39;t set user-agent to Go-http-client/1.1 ([#6030](https://github.com/containous/traefik/pull/6030) by [sh7dm](https://github.com/sh7dm))
+- **[tracing]** fix: Malformed x-b3-traceid Header ([#6079](https://github.com/containous/traefik/pull/6079) by [ldez](https://github.com/ldez))
+- **[webui]** fix: dashboard redirect loop ([#6078](https://github.com/containous/traefik/pull/6078) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[acme]** Use consistent name in ACME documentation ([#6019](https://github.com/containous/traefik/pull/6019) by [ldez](https://github.com/ldez))
+- **[api,k8s/crd]** Add a documentation example for dashboard and api for kubernetes CRD ([#6022](https://github.com/containous/traefik/pull/6022) by [dduportal](https://github.com/dduportal))
+- **[cli]** Fix examples for the use of websecure via CLI ([#6116](https://github.com/containous/traefik/pull/6116) by [tiagoboeing](https://github.com/tiagoboeing))
+- **[k8s,k8s/crd]** Improve documentation about Kubernetes IngressRoute ([#6058](https://github.com/containous/traefik/pull/6058) by [jbdoumenjou](https://github.com/jbdoumenjou))
+- **[middleware]** Improve sourceRange explanation for ipWhiteList ([#6070](https://github.com/containous/traefik/pull/6070) by [der-domi](https://github.com/der-domi))
+
 ## [v2.1.1](https://github.com/containous/traefik/tree/v2.1.1) (2019-12-12)
 [All Commits](https://github.com/containous/traefik/compare/v2.1.0...v2.1.1)

--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,6 +1,6 @@
 The MIT License (MIT)

-Copyright (c) 2016-2018 Containous SAS
+Copyright (c) 2016-2020 Containous SAS

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@

 [![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
 [![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://docs.traefik.io)
-[![Go Report Card](https://goreportcard.com/badge/containous/traefik)](http://goreportcard.com/report/containous/traefik)
+[![Go Report Card](https://goreportcard.com/badge/containous/traefik)](https://goreportcard.com/report/containous/traefik)
 [![](https://images.microbadger.com/badges/image/traefik.svg)](https://microbadger.com/images/traefik)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/containous/traefik/blob/master/LICENSE.md)
 [![Join the community support forum at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
@@ -89,7 +89,7 @@ You can access the simple HTML frontend of Traefik.

 You can find the complete documentation of Traefik v2 at [https://docs.traefik.io](https://docs.traefik.io).

-If you are using Traefik v1, you can find the complete documentation at [https://docs.traefik.io/v1.7/](https://docs.traefik.io/v1.7/)
+If you are using Traefik v1, you can find the complete documentation at [https://docs.traefik.io/v1.7/](https://docs.traefik.io/v1.7/).

 A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).

@@ -122,7 +122,7 @@ git clone https://github.com/containous/traefik

 ## Introductory Videos

-You can find high level and deep dive videos on [videos.containo.us](https://videos.containo.us)
+You can find high level and deep dive videos on [videos.containo.us](https://videos.containo.us).

 ## Maintainers

@@ -138,16 +138,16 @@ By participating in this project, you agree to abide by its terms.
 ## Release Cycle

 - We release a new version (e.g. 1.1.0, 1.2.0, 1.3.0) every other month.
- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0)
- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only)
+- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
+- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).

-Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out)
+Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).

-We use [Semantic Versioning](http://semver.org/)
+We use [Semantic Versioning](https://semver.org/).

-## Mailing lists
+## Mailing Lists

- General announcements, new releases: mail at news+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/news)
+- General announcements, new releases: mail at news+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/news).
 - Security announcements: mail at security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).

 ## Credits
@@ -156,5 +156,5 @@ Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on t

 Traefik's logo is licensed under the Creative Commons 3.0 Attributions license.

-Traefik's logo was inspired by the gopher stickers made by Takuya Ueda (https://twitter.com/tenntenn).
-The original Go gopher was designed by Renee French (http://reneefrench.blogspot.com/).
+Traefik's logo was inspired by the gopher stickers made by [Takuya Ueda](https://twitter.com/tenntenn).
+The original Go gopher was designed by [Renee French](https://reneefrench.blogspot.com/).
--- a/build.Dockerfile
+++ b/build.Dockerfile
@@ -19,7 +19,7 @@ RUN mkdir -p /usr/local/bin \
    && chmod +x /usr/local/bin/go-bindata

 # Download golangci-lint binary to bin folder in $GOPATH
-RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.20.0
+RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.23.0

 # Download golangci-lint and misspell binary to bin folder in $GOPATH
 RUN GO111MODULE=off go get github.com/client9/misspell/cmd/misspell
--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@@ -172,7 +172,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err

 	acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager)

-	serverEntryPointsTCP, err := server.NewTCPEntryPoints(*staticConfiguration)
+	serverEntryPointsTCP, err := server.NewTCPEntryPoints(staticConfiguration.EntryPoints)
 	if err != nil {
 		return nil, err
 	}
@@ -267,14 +267,18 @@ func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.Pr
 			}

 			if err := providerAggregator.AddProvider(p); err != nil {
-				log.WithoutContext().Errorf("Unable to add ACME provider to the providers list: %v", err)
+				log.WithoutContext().Errorf("The ACME resolver %q is skipped from the resolvers list because: %v", name, err)
 				continue
 			}
+
 			p.SetTLSManager(tlsManager)
+
 			if p.TLSChallenge != nil {
 				tlsManager.TLSAlpnGetter = p.GetTLSALPNCertificate
 			}
+
 			p.SetConfigListenerChan(make(chan dynamic.Configuration))
+
 			resolvers = append(resolvers, p)
 		}
 	}
@@ -404,13 +408,13 @@ func stats(staticConfiguration *static.Configuration) {
 		logger.Info(`Stats collection is enabled.`)
 		logger.Info(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`)
 		logger.Info(`Help us improve Traefik by leaving this feature on :)`)
-		logger.Info(`More details on: https://docs.traefik.io/v2.0/contributing/data-collection/`)
+		logger.Info(`More details on: https://docs.traefik.io/contributing/data-collection/`)
 		collect(staticConfiguration)
 	} else {
 		logger.Info(`
 Stats collection is disabled.
 Help us improve Traefik by turning this feature on :)
-More details on: https://docs.traefik.io/v2.0/contributing/data-collection/
+More details on: https://docs.traefik.io/contributing/data-collection/
 `)
 	}
 }
--- a/docs/content/assets/img/quickstart-diagram.png
+++ b/docs/content/assets/img/quickstart-diagram.png
--- a/docs/content/contributing/building-testing.md
+++ b/docs/content/contributing/building-testing.md
@@ -62,7 +62,7 @@ Requirements:

 - `go` v1.13+
 - environment variable `GO111MODULE=on`
- go-bindata `GO111MODULE=off go get -u github.com/containous/go-bindata/...`
+- [go-bindata](https://github.com/containous/go-bindata) `GO111MODULE=off go get -u github.com/containous/go-bindata/...`

 !!! tip "Source Directory"

@@ -98,7 +98,8 @@ Requirements:
 #### Build Traefik

 Once you've set up your go environment and cloned the source repository, you can build Traefik.
-Beforehand, you need to get `go-bindata` (the first time) in order to be able to use the `go generate` command (which is part of the build process).
+
+Beforehand, you need to get [go-bindata](https://github.com/containous/go-bindata) (the first time) in order to be able to use the `go generate` command (which is part of the build process).

 ```bash
 cd ~/go/src/github.com/containous/traefik
@@ -123,10 +124,6 @@ go build ./cmd/traefik

 You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/containous/traefik` directory.

-### Updating the templates
-
-If you happen to update the provider's templates (located in `/templates`), you must run `go generate` to update the `autogen` package.
-
 ## Testing

 ### Method 1: `Docker` and `make`
--- a/docs/content/contributing/submitting-pull-requests.md
+++ b/docs/content/contributing/submitting-pull-requests.md
@@ -3,11 +3,11 @@
 A Quick Guide for Efficient Contributions
 {: .subtitle }

-So you've decide to improve Traefik? 
+So you've decided to improve Traefik? 
 Thank You! 
 Now the last step is to submit your Pull Request in a way that makes sure it gets the attention it deserves.

-Let's go though the classic pitfalls to make sure everything is right. 
+Let's go through the classic pitfalls to make sure everything is right. 

 ## Title

@@ -36,7 +36,7 @@ Help the readers focus on what matters, and help them understand the structure o
 - Add tests.
 - Address review comments in terms of additional commits (and don't amend/squash existing ones unless the PR is trivial).

-!!! note "third-party dependencies"
+!!! note "Third-Party Dependencies"

    If a PR involves changes to third-party dependencies, the commits pertaining to the vendor folder and the manifest/lock file(s) should be committed separated.

--- a/docs/content/getting-started/configuration-overview.md
+++ b/docs/content/getting-started/configuration-overview.md
@@ -74,7 +74,7 @@ traefik --help
 # or

 docker run traefik[:version] --help
-# ex: docker run traefik:2.0 --help
+# ex: docker run traefik:2.1 --help
 ```

 All available arguments can also be found [here](../reference/static-configuration/cli.md).
--- a/docs/content/getting-started/install-traefik.md
+++ b/docs/content/getting-started/install-traefik.md
@@ -9,11 +9,11 @@ You can install Traefik with the following flavors:

 ## Use the Official Docker Image

-Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.0/traefik.sample.toml):
+Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.1/traefik.sample.toml):

 ```bash
 docker run -d -p 8080:8080 -p 80:80 \
-    -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.0
+    -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.1
 ```

 For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -21,9 +21,9 @@ For more details, go to the [Docker provider documentation](../providers/docker.
 !!! tip

    * Prefer a fixed version than the latest that could be an unexpected version.
-    ex: `traefik:v2.0.0`
+    ex: `traefik:v2.1.4`
    * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
-    * All the orchestrator using docker images could fetch the official Traefik docker image.
+    * Any orchestrator using docker images can fetch the official Traefik docker image.

 ## Use the Helm Chart

@@ -72,7 +72,7 @@ helm install ./traefik-helm-chart
    {: #helm-custom-values }
    
    The values are not (yet) documented, but are self-explanatory:
-    you can look at the [default `values.yaml`](https://github.com/containous/traefik-helm-chart/blob/master/values.yaml) file to explore possibilities.
+    you can look at the [default `values.yaml`](https://github.com/containous/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities.
    
    Example of installation with logging set to `DEBUG`:
    
--- a/docs/content/getting-started/quick-start.md
+++ b/docs/content/getting-started/quick-start.md
@@ -14,8 +14,8 @@ version: '3'

 services:
  reverse-proxy:
-    # The official v2.0 Traefik docker image
-    image: traefik:v2.0
+    # The official v2 Traefik docker image
+    image: traefik:v2.1
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@@ -23,6 +23,25 @@ Certificates are requested for domain names retrieved from the router's [dynamic

 You can read more about this retrieval mechanism in the following section: [ACME Domain Definition](#domain-definition).

+!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
+
+??? note "Configuration Reference"
+    
+    There are many available options for ACME.
+    For a quick glance at what's possible, browse the configuration reference:
+    
+    ```toml tab="File (TOML)"
+    --8<-- "content/https/ref-acme.toml"
+    ```
+    
+    ```yaml tab="File (YAML)"
+    --8<-- "content/https/ref-acme.yaml"
+    ```
+    
+    ```bash tab="CLI"
+    --8<-- "content/https/ref-acme.txt"
+    ```
+
 ## Domain Definition

 Certificate resolvers request certificates for a set of the domain names 
@@ -56,13 +75,13 @@ Please check the [configuration examples below](#configuration-examples) for mor
      [entryPoints.web]
        address = ":80"
    
-      [entryPoints.web-secure]
+      [entryPoints.websecure]
        address = ":443"
    
-    [certificatesResolvers.sample.acme]
+    [certificatesResolvers.myresolver.acme]
      email = "your-email@your-domain.org"
      storage = "acme.json"
-      [certificatesResolvers.sample.acme.httpChallenge]
+      [certificatesResolvers.myresolver.acme.httpChallenge]
        # used during the challenge
        entryPoint = "web"
    ```
@@ -72,11 +91,11 @@ Please check the [configuration examples below](#configuration-examples) for mor
      web:
        address: ":80"
    
-      web-secure:
+      websecure:
        address: ":443"
    
    certificatesResolvers:
-      sample:
+      myresolver:
        acme:
          email: your-email@your-domain.org
          storage: acme.json
@@ -89,31 +108,14 @@ Please check the [configuration examples below](#configuration-examples) for mor
    --entryPoints.web.address=:80
    --entryPoints.websecure.address=:443
    # ...
-    --certificatesResolvers.sample.acme.email=your-email@your-domain.org
-    --certificatesResolvers.sample.acme.storage=acme.json
+    --certificatesResolvers.myresolver.acme.email=your-email@your-domain.org
+    --certificatesResolvers.myresolver.acme.storage=acme.json
    # used during the challenge
-    --certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
+    --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
    ```

 !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."

-??? note "Configuration Reference"
-    
-    There are many available options for ACME.
-    For a quick glance at what's possible, browse the configuration reference:
-    
-    ```toml tab="File (TOML)"
-    --8<-- "content/https/ref-acme.toml"
-    ```
-    
-    ```yaml tab="File (YAML)"
-    --8<-- "content/https/ref-acme.yaml"
-    ```
-    
-    ```bash tab="CLI"
-    --8<-- "content/https/ref-acme.txt"
-    ```
-
 ??? example "Single Domain from Router's Rule Example"
    
    * A certificate for the domain `company.com` is requested:
@@ -164,14 +166,14 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
 ??? example "Configuring the `tlsChallenge`"

    ```toml tab="File (TOML)"
-    [certificatesResolvers.sample.acme]
+    [certificatesResolvers.myresolver.acme]
      # ...
-      [certificatesResolvers.sample.acme.tlsChallenge]
+      [certificatesResolvers.myresolver.acme.tlsChallenge]
    ```

    ```yaml tab="File (YAML)"
    certificatesResolvers:
-      sample:
+      myresolver:
        acme:
          # ...
          tlsChallenge: {}
@@ -179,7 +181,7 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
    
    ```bash tab="CLI"
    # ...
-    --certificatesResolvers.sample.acme.tlsChallenge=true
+    --certificatesResolvers.myresolver.acme.tlsChallenge=true
    ```

 ### `httpChallenge`
@@ -187,7 +189,7 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
 Use the `HTTP-01` challenge to generate and renew ACME certificates by provisioning an HTTP resource under a well-known URI.

 As described on the Let's Encrypt [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72),
-when using the `HTTP-01` challenge, `certificatesResolvers.sample.acme.httpChallenge.entryPoint` must be reachable by Let's Encrypt through port 80.
+when using the `HTTP-01` challenge, `certificatesResolvers.myresolver.acme.httpChallenge.entryPoint` must be reachable by Let's Encrypt through port 80.

 ??? example "Using an EntryPoint Called http for the `httpChallenge`"

@@ -196,12 +198,12 @@ when using the `HTTP-01` challenge, `certificatesResolvers.sample.acme.httpChall
      [entryPoints.web]
        address = ":80"
      
-      [entryPoints.web-secure]
+      [entryPoints.websecure]
        address = ":443"
    
-    [certificatesResolvers.sample.acme]
+    [certificatesResolvers.myresolver.acme]
      # ...
-      [certificatesResolvers.sample.acme.httpChallenge]
+      [certificatesResolvers.myresolver.acme.httpChallenge]
        entryPoint = "web"
    ```

@@ -210,11 +212,11 @@ when using the `HTTP-01` challenge, `certificatesResolvers.sample.acme.httpChall
      web:
        address: ":80"
    
-      web-secure:
+      websecure:
        address: ":443"
    
    certificatesResolvers:
-      sample:
+      myresolver:
        acme:
          # ...
          httpChallenge:
@@ -225,7 +227,7 @@ when using the `HTTP-01` challenge, `certificatesResolvers.sample.acme.httpChall
    --entryPoints.web.address=:80
    --entryPoints.websecure.address=:443
    # ...
-    --certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
+    --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
    ```

 !!! info ""
@@ -238,9 +240,9 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
 ??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"

    ```toml tab="File (TOML)"
-    [certificatesResolvers.sample.acme]
+    [certificatesResolvers.myresolver.acme]
      # ...
-      [certificatesResolvers.sample.acme.dnsChallenge]
+      [certificatesResolvers.myresolver.acme.dnsChallenge]
        provider = "digitalocean"
        delayBeforeCheck = 0
    # ...
@@ -248,7 +250,7 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
    
    ```yaml tab="File (YAML)"
    certificatesResolvers:
-      sample:
+      myresolver:
        acme:
          # ...
          dnsChallenge:
@@ -259,8 +261,8 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
    
    ```bash tab="CLI"
    # ...
-    --certificatesResolvers.sample.acme.dnsChallenge.provider=digitalocean
-    --certificatesResolvers.sample.acme.dnsChallenge.delayBeforeCheck=0
+    --certificatesResolvers.myresolver.acme.dnsChallenge.provider=digitalocean
+    --certificatesResolvers.myresolver.acme.dnsChallenge.delayBeforeCheck=0
    # ...
    ```

@@ -285,10 +287,12 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 | [Azure](https://azure.microsoft.com/services/dns/)          | `azure`        | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | [Additional configuration](https://go-acme.github.io/lego/dns/azure)        |
 | [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)  | `bindman`      | `BINDMAN_MANAGER_ADDRESS`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)      |
 | [Blue Cat](https://www.bluecatnetworks.com/)                | `bluecat`      | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                    | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)      |
+| [Checkdomain](https://www.checkdomain.de/)                  | `checkdomain`  | `CHECKDOMAIN_TOKEN`,                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
 | [ClouDNS](https://www.cloudns.net/)                         | `cloudns`      | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)      |
-| [Cloudflare](https://www.cloudflare.com)                    | `cloudflare`   | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)   |
+| [Cloudflare](https://www.cloudflare.com)                    | `cloudflare`   | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)   |
 | [CloudXNS](https://www.cloudxns.net)                        | `cloudxns`     | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)     |
 | [ConoHa](https://www.conoha.jp)                             | `conoha`       | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)       |
+| [Constellix](https://constellix.com)                        | `constellix`   | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)   |
 | [DigitalOcean](https://www.digitalocean.com)                | `digitalocean` | `DO_AUTH_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
 | [DNSimple](https://dnsimple.com)                            | `dnsimple`     | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)     |
 | [DNS Made Easy](https://dnsmadeeasy.com)                    | `dnsmadeeasy`  | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)  |
@@ -332,7 +336,9 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 | [RFC2136](https://tools.ietf.org/html/rfc2136)              | `rfc2136`      | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)      |
 | [Route 53](https://aws.amazon.com/route53/)                 | `route53`      | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.             | [Additional configuration](https://go-acme.github.io/lego/dns/route53)      |
 | [Sakura Cloud](https://cloud.sakura.ad.jp/)                 | `sakuracloud`  | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)  |
+| [Scaleway](https://www.scaleway.com)                        | `scaleway`     | `SCALEWAY_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)     |
 | [Selectel](https://selectel.ru/en/)                         | `selectel`     | `SELECTEL_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)     |
+| [Servercow](https://servercow.de)                           | `servercow`    | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/servercow)    |
 | [Stackpath](https://www.stackpath.com/)                     | `stackpath`    | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)    |
 | [TransIP](https://www.transip.nl/)                          | `transip`      | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/transip)      |
 | [VegaDNS](https://github.com/shupp/VegaDNS-API)             | `vegadns`      | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL`                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns)      |
@@ -357,16 +363,16 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 Use custom DNS servers to resolve the FQDN authority.

 ```toml tab="File (TOML)"
-[certificatesResolvers.sample.acme]
+[certificatesResolvers.myresolver.acme]
  # ...
-  [certificatesResolvers.sample.acme.dnsChallenge]
+  [certificatesResolvers.myresolver.acme.dnsChallenge]
    # ...
    resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
 ```

 ```yaml tab="File (YAML)"
 certificatesResolvers:
-  sample:
+  myresolver:
    acme:
      # ...
      dnsChallenge:
@@ -378,7 +384,7 @@ certificatesResolvers:

 ```bash tab="CLI"
 # ...
--certificatesResolvers.sample.acme.dnsChallenge.resolvers:=1.1.1.1:53,8.8.8.8:53
+--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
 ```

 #### Wildcard Domains
@@ -393,7 +399,7 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
 ??? example "Using the Let's Encrypt staging server"

    ```toml tab="File (TOML)"
-    [certificatesResolvers.sample.acme]
+    [certificatesResolvers.myresolver.acme]
      # ...
      caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
      # ...
@@ -401,7 +407,7 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
    
    ```yaml tab="File (YAML)"
    certificatesResolvers:
-      sample:
+      myresolver:
        acme:
          # ...
          caServer: https://acme-staging-v02.api.letsencrypt.org/directory
@@ -410,7 +416,7 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi

    ```bash tab="CLI"
    # ...
-    --certificatesResolvers.sample.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+    --certificatesResolvers.myresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
    # ...
    ```

@@ -419,7 +425,7 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
 The `storage` option sets the location where your ACME certificates are saved to.

 ```toml tab="File (TOML)"
-[certificatesResolvers.sample.acme]
+[certificatesResolvers.myresolver.acme]
  # ...
  storage = "acme.json"
  # ...
@@ -427,7 +433,7 @@ The `storage` option sets the location where your ACME certificates are saved to

 ```yaml tab="File (YAML)"
 certificatesResolvers:
-  sample:
+  myresolver:
    acme:
      # ...
      storage: acme.json
@@ -436,7 +442,7 @@ certificatesResolvers:

 ```bash tab="CLI"
 # ...
--certificatesResolvers.sample.acme.storage=acme.json
+--certificatesResolvers.myresolver.acme.storage=acme.json
 # ...
 ```

--- a/docs/content/https/include-acme-multiple-domains-example.md
+++ b/docs/content/https/include-acme-multiple-domains-example.md
@@ -4,7 +4,7 @@
 labels:
  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
-  - traefik.http.routers.blog.tls.certresolver=le
+  - traefik.http.routers.blog.tls.certresolver=myresolver
  - traefik.http.routers.blog.tls.domains[0].main=company.org
  - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
 ```
@@ -16,13 +16,12 @@ deploy:
    - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
    - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
    - traefik.http.routers.blog.tls=true
-    - traefik.http.routers.blog.tls.certresolver=le
+    - traefik.http.routers.blog.tls.certresolver=myresolver
    - traefik.http.routers.blog.tls.domains[0].main=company.org
    - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
 ```

 ```yaml tab="Kubernetes"
---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -37,14 +36,14 @@ spec:
    - name: blog
      port: 8080
  tls:
-    certResolver: le
+    certResolver: myresolver
 ```

 ```json tab="Marathon"
 labels: {
  "traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
  "traefik.http.routers.blog.tls": "true",
-  "traefik.http.routers.blog.tls.certresolver": "le",
+  "traefik.http.routers.blog.tls.certresolver": "myresolver",
  "traefik.http.routers.blog.tls.domains[0].main": "company.com",
  "traefik.http.routers.blog.tls.domains[0].sans": "*.company.com",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
@@ -56,7 +55,7 @@ labels: {
 labels:
  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
-  - traefik.http.routers.blog.tls.certresolver=le
+  - traefik.http.routers.blog.tls.certresolver=myresolver
  - traefik.http.routers.blog.tls.domains[0].main=company.org
  - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
 ```
@@ -67,7 +66,7 @@ labels:
  [http.routers.blog]
    rule = "Host(`company.com`) && Path(`/blog`)"
    [http.routers.blog.tls]
-      certResolver = "le" # From static configuration
+      certResolver = "myresolver" # From static configuration
      [[http.routers.blog.tls.domains]]
        main = "company.org"
        sans = ["*.company.org"]
@@ -80,7 +79,7 @@ http:
    blog:
      rule: "Host(`company.com`) && Path(`/blog`)"
      tls:
-        certResolver: le
+        certResolver: myresolver
        domains:
          - main: "company.org"
            sans:
--- a/docs/content/https/include-acme-multiple-domains-from-rule-example.md
+++ b/docs/content/https/include-acme-multiple-domains-from-rule-example.md
@@ -4,7 +4,7 @@
 labels:
  - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
  - traefik.http.routers.blog.tls=true
-  - traefik.http.routers.blog.tls.certresolver=le
+  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```

 ```yaml tab="Docker (Swarm)"
@@ -12,13 +12,12 @@ labels:
 deploy:
  labels:
    - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
-    - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
    - traefik.http.routers.blog.tls=true
-    - traefik.http.routers.blog.tls.certresolver=le
+    - traefik.http.routers.blog.tls.certresolver=myresolver
+    - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
 ```

 ```yaml tab="Kubernetes"
---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -32,14 +31,15 @@ spec:
    services:
    - name: blog
      port: 8080
-  tls: {}
+  tls:
+    certresolver: myresolver
 ```

 ```json tab="Marathon"
 labels: {
  "traefik.http.routers.blog.rule": "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)",
  "traefik.http.routers.blog.tls": "true",
-  "traefik.http.routers.blog.tls.certresolver": "le",
+  "traefik.http.routers.blog.tls.certresolver": "myresolver",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
 }
 ```
@@ -49,7 +49,7 @@ labels: {
 labels:
  - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
  - traefik.http.routers.blog.tls=true
-  - traefik.http.routers.blog.tls.certresolver=le
+  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```

 ```toml tab="File (TOML)"
@@ -58,7 +58,7 @@ labels:
  [http.routers.blog]
    rule = "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
    [http.routers.blog.tls]
-      certResolver = "le" # From static configuration
+      certResolver = "myresolver"
 ```

 ```yaml tab="File (YAML)"
@@ -68,5 +68,5 @@ http:
    blog:
      rule: "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
      tls:
-        certResolver: le
+        certResolver: myresolver
 ```
--- a/docs/content/https/include-acme-single-domain-example.md
+++ b/docs/content/https/include-acme-single-domain-example.md
@@ -4,7 +4,7 @@
 labels:
  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
-  - traefik.http.routers.blog.tls.certresolver=le
+  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```

 ```yaml tab="Docker (Swarm)"
@@ -12,13 +12,12 @@ labels:
 deploy:
  labels:
    - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
-    - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
    - traefik.http.routers.blog.tls=true
-    - traefik.http.routers.blog.tls.certresolver=le
+    - traefik.http.routers.blog.tls.certresolver=myresolver
+    - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
 ```

 ```yaml tab="Kubernetes"
---
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
@@ -32,14 +31,15 @@ spec:
    services:
    - name: blog
      port: 8080
-  tls: {}
+  tls:
+    certresolver: myresolver
 ```

 ```json tab="Marathon"
 labels: {
  "traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
  "traefik.http.routers.blog.tls": "true",
-  "traefik.http.routers.blog.tls.certresolver": "le",
+  "traefik.http.routers.blog.tls.certresolver": "myresolver",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
 }
 ```
@@ -49,16 +49,16 @@ labels: {
 labels:
  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
-  - traefik.http.routers.blog.tls.certresolver=le
+  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```

 ```toml tab="Single Domain"
 ## Dynamic configuration
 [http.routers]
-    [http.routers.blog]
-    rule = "Host(`company.com`) && Path(`/blog`)"
-    [http.routers.blog.tls]
-        certResolver = "le" # From static configuration
+  [http.routers.blog]
+  rule = "Host(`company.com`) && Path(`/blog`)"
+  [http.routers.blog.tls]
+    certResolver = "myresolver"
 ```

 ```yaml tab="File (YAML)"
@@ -68,5 +68,5 @@ http:
    blog:
      rule: "Host(`company.com`) && Path(`/blog`)"
      tls:
-        certResolver: le
+        certResolver: myresolver
 ```
--- a/docs/content/https/ref-acme.toml
+++ b/docs/content/https/ref-acme.toml
@@ -1,5 +1,5 @@
 # Enable ACME (Let's Encrypt): automatic SSL.
-[certificatesResolvers.sample.acme]
+[certificatesResolvers.myresolver.acme]

  # Email address used for registration.
  #
@@ -35,13 +35,13 @@
  #
  # Optional (but recommended)
  #
-  [certificatesResolvers.sample.acme.tlsChallenge]
+  [certificatesResolvers.myresolver.acme.tlsChallenge]

  # Use a HTTP-01 ACME challenge.
  #
  # Optional
  #
-  # [certificatesResolvers.sample.acme.httpChallenge]
+  # [certificatesResolvers.myresolver.acme.httpChallenge]

    # EntryPoint to use for the HTTP-01 challenges.
    #
@@ -54,7 +54,7 @@
  #
  # Optional
  #
-  # [certificatesResolvers.sample.acme.dnsChallenge]
+  # [certificatesResolvers.myresolver.acme.dnsChallenge]

    # DNS provider used.
    #
--- a/docs/content/https/ref-acme.txt
+++ b/docs/content/https/ref-acme.txt
@@ -4,13 +4,13 @@
 #
 # Required
 #
--certificatesResolvers.sample.acme.email=test@traefik.io
+--certificatesResolvers.myresolver.acme.email=test@traefik.io

 # File or key used for certificates storage.
 #
 # Required
 #
--certificatesResolvers.sample.acme.storage=acme.json
+--certificatesResolvers.myresolver.acme.storage=acme.json

 # CA server to use.
 # Uncomment the line to use Let's Encrypt's staging server,
@@ -19,7 +19,7 @@
 # Optional
 # Default: "https://acme-v02.api.letsencrypt.org/directory"
 #
--certificatesResolvers.sample.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+--certificatesResolvers.myresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory

 # KeyType to use.
 #
@@ -28,38 +28,38 @@
 #
 # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
 #
--certificatesResolvers.sample.acme.keyType=RSA4096
+--certificatesResolvers.myresolver.acme.keyType=RSA4096

 # Use a TLS-ALPN-01 ACME challenge.
 #
 # Optional (but recommended)
 #
--certificatesResolvers.sample.acme.tlsChallenge=true
+--certificatesResolvers.myresolver.acme.tlsChallenge=true

 # Use a HTTP-01 ACME challenge.
 #
 # Optional
 #
--certificatesResolvers.sample.acme.httpChallenge=true
+--certificatesResolvers.myresolver.acme.httpChallenge=true

 # EntryPoint to use for the HTTP-01 challenges.
 #
 # Required
 #
--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
+--certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web

 # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
 # Note: mandatory for wildcard certificate generation.
 #
 # Optional
 #
--certificatesResolvers.sample.acme.dnsChallenge=true
+--certificatesResolvers.myresolver.acme.dnsChallenge=true

 # DNS provider used.
 #
 # Required
 #
--certificatesResolvers.sample.acme.dnsChallenge.provider=digitalocean
+--certificatesResolvers.myresolver.acme.dnsChallenge.provider=digitalocean

 # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
 # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
@@ -68,14 +68,14 @@
 # Optional
 # Default: 0
 #
--certificatesResolvers.sample.acme.dnsChallenge.delayBeforeCheck=0
+--certificatesResolvers.myresolver.acme.dnsChallenge.delayBeforeCheck=0

 # Use following DNS servers to resolve the FQDN authority.
 #
 # Optional
 # Default: empty
 #
--certificatesResolvers.sample.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53

 # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
 #
@@ -85,4 +85,4 @@
 # Optional
 # Default: false
 #
--certificatesResolvers.sample.acme.dnsChallenge.disablePropagationCheck=true
+--certificatesResolvers.myresolver.acme.dnsChallenge.disablePropagationCheck=true
--- a/docs/content/https/ref-acme.yaml
+++ b/docs/content/https/ref-acme.yaml
@@ -1,5 +1,5 @@
 certificatesResolvers:
-  sample:
+  myresolver:
    # Enable ACME (Let's Encrypt): automatic SSL.
    acme:

--- a/docs/content/https/tls.md
+++ b/docs/content/https/tls.md
@@ -40,7 +40,7 @@ tls:

    In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
    It is the only available method to configure the certificates (as well as the options and the stores).
-    However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](../routing/providers/kubernetes-crd.md#tls). 
+    However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](https://kubernetes.io/docs/concepts/configuration/secret/). 

 ## Certificates Stores

--- a/docs/content/index.md
+++ b/docs/content/index.md
@@ -20,4 +20,9 @@ Developing Traefik, our main goal is to make it simple to use, and we're sure yo

 !!! info

-    If you're a business running critical services behind Traefik, know that [Containous](https://containo.us), the company that sponsors Traefik's development, can provide [commercial support](https://info.containo.us/commercial-services) and develops an [Enterprise Edition](https://containo.us/traefikee/) of Traefik. 
+    Join our user friendly and active [Community Forum](https://community.containo.us) to discuss, learn, and connect with the traefik community.
+    
+    If you're a business running critical services behind Traefik,
+    know that [Containous](https://containo.us), the company that sponsors Traefik's development,
+    can provide [commercial support](https://info.containo.us/commercial-services)
+    and develops an [Enterprise Edition](https://containo.us/traefikee/) of Traefik.
--- a/docs/content/middlewares/basicauth.md
+++ b/docs/content/middlewares/basicauth.md
@@ -90,7 +90,7 @@ The `users` option is an array of authorized users. Each user will be declared u
 # Declaring the user list
 #
 # Note: all dollar signs in the hash need to be doubled for escaping.
-# To create user:password pair, it's possible to use this command:
+# To create a user:password pair, the following command can be used:
 # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -107,6 +107,10 @@ spec:
    secret: authsecret

 ---
+# Note: in a kubernetes secret the string (e.g. generated by htpasswd) must be base64-encoded first.
+# To create an encoded user:password pair, the following command can be used:
+# htpasswd -nb user password | openssl base64
+
 apiVersion: v1
 kind: Secret
 metadata:
--- a/docs/content/middlewares/contenttype.md
+++ b/docs/content/middlewares/contenttype.md
@@ -0,0 +1,83 @@
+
+# ContentType
+
+Handling ContentType auto-detection
+{: .subtitle }
+
+The Content-Type middleware - or rather its unique `autoDetect` option -
+specifies whether to let the `Content-Type` header,
+if it has not been set by the backend,
+be automatically set to a value derived from the contents of the response.
+
+As a proxy, the default behavior should be to leave the header alone,
+regardless of what the backend did with it.
+However, the historic default was to always auto-detect and set the header if it was nil,
+and it is going to be kept that way in order to support users currently relying on it.
+This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
+
+!!! info
+
+    As explained above, for compatibility reasons the default behavior on a router (without this middleware),
+    is still to automatically set the `Content-Type` header.
+    Therefore, given the default value of the `autoDetect` option (false),
+    simply enabling this middleware for a router switches the router's behavior.
+
+## Configuration Examples
+
+```yaml tab="Docker"
+# Disable auto-detection
+labels:
+  - "traefik.http.middlewares.autodetect.contenttype.autodetect=false"
+```
+
+```yaml tab="Kubernetes"
+# Disable auto-detection
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: autodetect
+spec:
+  contentType:
+    autoDetect: false
+```
+
+```yaml tab="Consul Catalog"
+# Disable auto-detection
+- "traefik.http.middlewares.autodetect.contenttype.autodetect=false"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.autodetect.contenttype.autodetect": "false"
+}
+```
+
+```yaml tab="Rancher"
+# Disable auto-detection
+labels:
+  - "traefik.http.middlewares.autodetect.contenttype.autodetect=false"
+```
+
+```toml tab="File (TOML)"
+# Disable auto-detection
+[http.middlewares]
+  [http.middlewares.autodetect.contentType]
+     autoDetect=false
+```
+
+```yaml tab="File (YAML)"
+# Disable auto-detection
+http:
+  middlewares:
+    autodetect:
+      contentType:
+        autoDetect: false
+```
+
+## Configuration Options
+
+### `autoDetect`
+
+`autoDetect` specifies whether to let the `Content-Type` header,
+if it has not been set by the backend,
+be automatically set to a value derived from the contents of the response.
--- a/docs/content/middlewares/ipwhitelist.md
+++ b/docs/content/middlewares/ipwhitelist.md
@@ -66,7 +66,7 @@ http:

 ### `sourceRange`

-The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs).
+The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).

 ### `ipStrategy`

--- a/docs/content/middlewares/overview.md
+++ b/docs/content/middlewares/overview.md
@@ -5,9 +5,9 @@ Tweaking the Request

 ![Overview](../assets/img/middleware/overview.png)

-Attached to the routers, pieces of middleware are a mean of tweaking the requests before they are sent to your [service](../routing/services/index.md) (or before the answer from the services are sent to the clients).
+Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your [service](../routing/services/index.md) (or before the answer from the services are sent to the clients).

-There are many different available middlewares in Traefik, some can modify the request, the headers, some are in charge of redirections, some add authentication, and so on.
+There are several available middleware in Traefik, some can modify the request, the headers, some are in charge of redirections, some add authentication, and so on.

 Pieces of middleware can be combined in chains to fit every scenario.

@@ -130,7 +130,7 @@ http:

 ## Provider Namespace

-When you declare a middleware, it lives in its provider namespace.
+When you declare a middleware, it lives in its provider's namespace.
 For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker provider namespace.

 If you use multiple providers and wish to reference a middleware declared in another provider
@@ -143,11 +143,11 @@ then you'll have to append to the middleware name, the `@` separator, followed b

 !!! important "Kubernetes Namespace"

-	As Kubernetes also has its own notion of namespace, one should not confuse the "provider namespace"
-with the "kubernetes namespace" of a resource when in the context of a cross-provider usage.
-In this case, since the definition of the middleware is not in kubernetes,
-specifying a "kubernetes namespace" when referring to the resource does not make any sense,
-and therefore this specification would be ignored even if present.
+    As Kubernetes also has its own notion of namespace, one should not confuse the "provider namespace"
+    with the "kubernetes namespace" of a resource when in the context of a cross-provider usage.
+    In this case, since the definition of the middleware is not in kubernetes,
+    specifying a "kubernetes namespace" when referring to the resource does not make any sense,
+    and therefore this specification would be ignored even if present.

 !!! abstract "Referencing a Middleware from Another Provider"

--- a/docs/content/middlewares/redirectscheme.md
+++ b/docs/content/middlewares/redirectscheme.md
@@ -11,6 +11,132 @@ RedirectScheme redirect request from a scheme to another.

 ## Configuration Examples

+```yaml tab="Docker"
+# Redirect to https
+labels:
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
+```
+
+```yaml tab="Kubernetes"
+# Redirect to https
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: test-redirectscheme
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+```
+
+```yaml tab="Consul Catalog"
+# Redirect to https
+labels:
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme": "https"
+  "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent": "true"
+}
+```
+
+```yaml tab="Rancher"
+# Redirect to https
+labels:
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
+```
+
+```toml tab="File (TOML)"
+# Redirect to https
+[http.middlewares]
+  [http.middlewares.test-redirectscheme.redirectScheme]
+    scheme = "https"
+    permanent = true
+```
+
+```yaml tab="File (YAML)"
+# Redirect to https
+http:
+  middlewares:
+    test-redirectscheme:
+      redirectScheme:
+        scheme: https
+        permanent: true
+```
+
+## Configuration Options
+
+### `permanent`
+
+Set the `permanent` option to `true` to apply a permanent redirection.
+
+```yaml tab="Docker"
+# Redirect to https
+labels:
+  # ...
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
+```
+
+```yaml tab="Kubernetes"
+# Redirect to https
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: test-redirectscheme
+spec:
+  redirectScheme:
+    # ...
+    permanent: true
+```
+
+```yaml tab="Consul Catalog"
+# Redirect to https
+labels:
+  # ...
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
+```
+
+```json tab="Marathon"
+"labels": {
+
+  "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent": "true"
+}
+```
+
+```yaml tab="Rancher"
+# Redirect to https
+labels:
+  # ...
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
+```
+
+```toml tab="File (TOML)"
+# Redirect to https
+[http.middlewares]
+  [http.middlewares.test-redirectscheme.redirectScheme]
+    # ...
+    permanent = true
+```
+
+```yaml tab="File (YAML)"
+# Redirect to https
+http:
+  middlewares:
+    test-redirectscheme:
+      redirectScheme:
+        # ...
+        permanent: true
+```
+
+### `scheme`
+
+The `scheme` option defines the scheme of the new url.
+
 ```yaml tab="Docker"
 # Redirect to https
 labels:
@@ -31,7 +157,7 @@ spec:
 ```yaml tab="Consul Catalog"
 # Redirect to https
 labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
 ```

 ```json tab="Marathon"
@@ -62,16 +188,64 @@ http:
        scheme: https
 ```

-## Configuration Options
-
-### `permanent`
-
-Set the `permanent` option to `true` to apply a permanent redirection.
-
-### `scheme`
-
-The `scheme` option defines the scheme of the new url.
-
 ### `port`

 The `port` option defines the port of the new url.
+
+```yaml tab="Docker"
+# Redirect to https
+labels:
+  # ...
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
+```
+
+```yaml tab="Kubernetes"
+# Redirect to https
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: test-redirectscheme
+spec:
+  redirectScheme:
+    # ...
+    port: 443
+```
+
+```yaml tab="Consul Catalog"
+# Redirect to https
+labels:
+  # ...
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
+```
+
+```json tab="Marathon"
+"labels": {
+
+  "traefik.http.middlewares.test-redirectscheme.redirectscheme.port": "443"
+}
+```
+
+```yaml tab="Rancher"
+# Redirect to https
+labels:
+  # ...
+  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
+```
+
+```toml tab="File (TOML)"
+# Redirect to https
+[http.middlewares]
+  [http.middlewares.test-redirectscheme.redirectScheme]
+    # ...
+    port = 443
+```
+
+```yaml tab="File (YAML)"
+# Redirect to https
+http:
+  middlewares:
+    test-redirectscheme:
+      redirectScheme:
+        # ...
+        port: 443
+```
--- a/docs/content/migration/v1-to-v2.md
+++ b/docs/content/migration/v1-to-v2.md
@@ -104,7 +104,7 @@ Then any router can refer to an instance of the wanted middleware.

    ```yaml tab="K8s IngressRoute"
    # The definitions below require the definitions for the Middleware and IngressRoute kinds.
-    # https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definition
+    # https://docs.traefik.io/v2.1/reference/dynamic-configuration/kubernetes-crd/#definitions
    apiVersion: traefik.containo.us/v1alpha1
    kind: Middleware
    metadata:
@@ -184,23 +184,23 @@ Then any router can refer to an instance of the wanted middleware.
              - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
    ```

-## TLS Configuration Is Now Dynamic, per Router.
+## TLS Configuration is Now Dynamic, per Router.

 TLS parameters used to be specified in the static configuration, as an entryPoint field.
 With Traefik v2, a new dynamic TLS section at the root contains all the desired TLS configurations.
 Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one of the [TLS configurations](../https/tls.md) defined at the root, hence defining the [TLS configuration](../https/tls.md) for that router.

-!!! example "TLS on web-secure entryPoint becomes TLS option on Router-1"
+!!! example "TLS on websecure entryPoint becomes TLS option on Router-1"

    !!! info "v1"
    
    ```toml tab="File (TOML)"
    # static configuration
    [entryPoints]
-      [entryPoints.web-secure]
+      [entryPoints.websecure]
        address = ":443"
    
-        [entryPoints.web-secure.tls]
+        [entryPoints.websecure.tls]
          minVersion = "VersionTLS12"
          cipherSuites = [
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
@@ -209,14 +209,14 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-           ]
-          [[entryPoints.web-secure.tls.certificates]]
+          ]
+          [[entryPoints.websecure.tls.certificates]]
            certFile = "path/to/my.cert"
            keyFile = "path/to/my.key"
    ```

    ```bash tab="CLI"
-    --entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
+    --entryPoints='Name:websecure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
    ```

    !!! info "v2"
@@ -236,19 +236,16 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
      keyFile = "/path/to/domain.key"
    
    [tls.options]
-      [tls.options.default]
-        minVersion = "VersionTLS12"
-    
      [tls.options.myTLSOptions]
-        minVersion = "VersionTLS13"
+        minVersion = "VersionTLS12"
        cipherSuites = [
-            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
-            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
-            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-            ]
+          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+          "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+          "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+        ]
    ```

    ```yaml tab="File (YAML)"
@@ -267,7 +264,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
          keyFile: /path/to/domain.key
      options:
        myTLSOptions:
-          minVersion: VersionTLS13
+          minVersion: VersionTLS12
          cipherSuites:
 	        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 	        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
@@ -278,7 +275,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o

    ```yaml tab="K8s IngressRoute"
    # The definitions below require the definitions for the TLSOption and IngressRoute kinds.
-    # https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definition
+    # https://docs.traefik.io/v2.1/reference/dynamic-configuration/kubernetes-crd/#definitions
    apiVersion: traefik.containo.us/v1alpha1
    kind: TLSOption
    metadata:
@@ -286,7 +283,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
      namespace: default
    
    spec:
-      minVersion: VersionTLS13
+      minVersion: VersionTLS12
      cipherSuites:
 	    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 	    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
@@ -322,50 +319,216 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
      - "traefik.http.routers.router0.tls.options=myTLSOptions@file"
    ```

-## HTTP to HTTPS Redirection Is Now Configured on Routers
+## HTTP to HTTPS Redirection is Now Configured on Routers

 Previously on Traefik v1, the redirection was applied on an entry point or on a frontend.
 With Traefik v2 it is applied on a [Router](../routing/routers/index.md). 

 To apply a redirection, one of the redirect middlewares, [RedirectRegex](../middlewares/redirectregex.md) or [RedirectScheme](../middlewares/redirectscheme.md), has to be configured and added to the router middlewares list.

-!!! example "HTTP to HTTPS redirection"
+!!! example "Global HTTP to HTTPS redirection"

    !!! info "v1"
    
    ```toml tab="File (TOML)"
    # static configuration
-    defaultEntryPoints = ["http", "https"]
+    defaultEntryPoints = ["web", "websecure"]
    
    [entryPoints]
-      [entryPoints.http]
+      [entryPoints.web]
        address = ":80"
-        [entryPoints.http.redirect]
-          entryPoint = "https"
+        [entryPoints.web.redirect]
+          entryPoint = "websecure"

-      [entryPoints.https]
+      [entryPoints.websecure]
        address = ":443"
-        [entryPoints.https.tls]
-          [[entryPoints.https.tls.certificates]]
+        [entryPoints.websecure.tls]
+    ```
+
+    ```bash tab="CLI"
+    --entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
+    --entryPoints='Name:websecure Address::443 TLS'
+    ```
+
+    !!! info "v2"
+    
+    ```yaml tab="Docker"
+    # ...
+      traefik:
+        image: traefik:v2.1
+        command:
+          - --entrypoints.web.address=:80
+          - --entrypoints.websecure.address=:443
+          - --providers.docker=true
+        ports:
+          - 80:80
+          - 443:443
+        labels:
+          traefik.http.routers.http_catchall.rule: HostRegexp(`{any:.+}`)
+          traefik.http.routers.http_catchall.entrypoints: web
+          traefik.http.routers.http_catchall.middlewares: https_redirect
+          traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
+          traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+    ```
+    
+    ```yaml tab="K8s IngressRoute"
+    # The entry points web (port 80) and websecure (port 443) must be defined the static configuration.
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: IngressRoute
+    metadata:
+      name: http_catchall
+      namespace: traefik
+    spec:
+      entryPoints:
+        - web
+      routes:
+        - match: HostRegexp(`{any:.+}`)
+          kind: Rule
+          services:
+            # any service in the namespace
+            # the service will be never called
+            - name: noop
+              port: 80
+          middlewares:
+            - name: https_redirect
+              # if the Middleware has distinct namespace
+              namespace: traefik
+    
+    ---
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: Middleware 
+    metadata:
+      name: https_redirect
+      namespace: traefik
+    spec:
+      redirectScheme:
+        scheme: https
+        permanent: true
+    ```
+    
+    ```toml tab="File (TOML)"
+    # traefik.toml
+    ## static configuration
+    
+    [entryPoints]
+      [entryPoints.web]
+        address = 80
+      [entryPoints.websecure]
+        address = 443
+    
+    [providers.file]
+      directory = "/dynamic/"
+    
+    ##--------------------##
+    
+    # /dynamic/redirect.toml
+    ## dynamic configuration
+    
+    [http.routers]
+      [http.routers.http_catchall]
+        entryPoints = ["web"]
+        middlewares = ["https_redirect"]
+        rule = "HostRegexp(`{any:.+}`)"
+        service = "noop"
+    
+    [http.services]
+      # noop service, the URL will be never called
+      [http.services.noop.loadBalancer]
+        [[http.services.noop.loadBalancer.servers]]
+          url = "http://192.168.0.1:1337"
+    
+    [http.middlewares]
+      [http.middlewares.https_redirect.redirectScheme]
+        scheme = "https"
+        permanent = true
+    ```
+    
+    ```yaml tab="File (YAML)"
+    # traefik.yaml
+    ## static configuration
+    
+    entryPoints:
+      web:
+        address: 80
+      websecure:
+        address: 443
+    
+    providers:
+      file:
+        directory: /dynamic/
+    
+    ##--------------------##
+    
+    # /dynamic/redirect.yml
+    ## dynamic configuration
+    
+    http:
+      routers:
+        http_catchall:
+          entryPoints:
+            - web
+          middlewares:
+            - https_redirect
+          rule: "HostRegexp(`{any:.+}`)"
+          service: noop
+    
+      services:
+        # noop service, the URL will be never called
+        noop:
+          loadBalancer:
+            servers:
+              - url: http://192.168.0.1:1337
+    
+      middlewares:
+        https_redirect:
+          redirectScheme:
+            scheme: https
+            permanent: true
+    ```
+
+!!! example "HTTP to HTTPS redirection per domain"
+
+    !!! info "v1"
+    
+    ```toml tab="File (TOML)"
+    # static configuration
+    defaultEntryPoints = ["web", "websecure"]
+    
+    [entryPoints]
+      [entryPoints.web]
+        address = ":80"
+        [entryPoints.web.redirect]
+          entryPoint = "websecure"
+
+      [entryPoints.websecure]
+        address = ":443"
+        [entryPoints.websecure.tls]
+          [[entryPoints.websecure.tls.certificates]]
            certFile = "examples/traefik.crt"
            keyFile = "examples/traefik.key"
    ```

    ```bash tab="CLI"
-    --entrypoints=Name:web Address::80 Redirect.EntryPoint:web-secure
-    --entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key'
+    --entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
+    --entryPoints='Name:websecure Address::443 TLS:path/to/my.cert,path/to/my.key'
    ```

    !!! info "v2"

    ```yaml tab="Docker"
    labels:
-    - traefik.http.routers.web.rule=Host(`foo.com`)
-    - traefik.http.routers.web.entrypoints=web
-    - traefik.http.routers.web.middlewares=redirect@file
-    - traefik.http.routers.web-secured.rule=Host(`foo.com`)
-    - traefik.http.routers.web-secured.entrypoints=web-secure
-    - traefik.http.routers.web-secured.tls=true
+      traefik.http.routers.app.rule: Host(`foo.com`)
+      traefik.http.routers.app.entrypoints: web
+      traefik.http.routers.app.middlewares: https_redirect
+    
+      traefik.http.routers.appsecured.rule: Host(`foo.com`)
+      traefik.http.routers.appsecured.entrypoints: websecure
+      traefik.http.routers.appsecured.tls: true
+    
+      traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
+      traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
    ```

    ```yaml tab="K8s IngressRoute"
@@ -384,7 +547,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
            - name: whoami
              port: 80
          middlewares:
-            - name: redirect
+            - name: https_redirect
    
    ---
    apiVersion: traefik.containo.us/v1alpha1
@@ -394,7 +557,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
    
    spec:
      entryPoints:
-        - web-secure
+        - websecure
      routes:
        - match: Host(`foo`)
          kind: Rule
@@ -407,11 +570,11 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
    apiVersion: traefik.containo.us/v1alpha1
    kind: Middleware
    metadata:
-      name: redirect
+      name: https_redirect
    spec:
      redirectScheme:
        scheme: https
-      
+        permanent: true
    ```

    ```toml tab="File (TOML)"
@@ -421,7 +584,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
    [entryPoints.web]
      address = ":80"
    
-    [entryPoints.web-secure]
+    [entryPoints.websecure]
      address = ":443"
    
    ##---------------------##
@@ -434,12 +597,12 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
        rule = "Host(`foo.com`)"
        service = "my-service"
        entrypoints = ["web"]
-        middlewares = ["redirect"]
+        middlewares = ["https_redirect"]
    
    [http.routers.router1]
        rule = "Host(`foo.com`)"
        service = "my-service"
-        entrypoints = ["web-secure"]
+        entrypoints = ["websecure"]
        [http.routers.router1.tls]
        
    [http.services]
@@ -449,8 +612,9 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
        url = "http://10.10.10.2:80"
    
    [http.middlewares]
-      [http.middlewares.redirect.redirectScheme]
+      [http.middlewares.https_redirect.redirectScheme]
        scheme = "https"
+        permanent = true
    
    [[tls.certificates]]
      certFile = "/path/to/domain.cert"
@@ -465,7 +629,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
      web:
        address: ":80"
    
-      web-secure:
+      websecure:
        address: ":443"
    
    ##---------------------##
@@ -480,13 +644,13 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
          entryPoints:
            - web
          middlewares:
-            - redirect
+            - https_redirect
          service: my-service
    
        router1:
          rule: "Host(`foo.com`)"
          entryPoints:
-            - web-secure
+            - websecure
          service: my-service
          tls: {}
    
@@ -498,9 +662,10 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
              - url: http://10.10.10.2:80
    
      middlewares:
-        redirect:
+        https_redirect:
          redirectScheme:
            scheme: https
+            permanent: true
    
    tls:
      certificates:
@@ -512,14 +677,14 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd

 With the new core notions of v2 (introduced earlier in the section
 ["Frontends and Backends Are Dead... Long Live Routers, Middlewares, and Services"](#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services)),
-transforming the URL path prefix of incoming requests is configured with [middlewares](../../middlewares/overview/),
-after the routing step with [router rule `PathPrefix`](https://docs.traefik.io/v2.0/routing/routers/#rule).
+transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md),
+after the routing step with [router rule `PathPrefix`](../routing/routers/index.md#rule).

 Use Case: Incoming requests to `http://company.org/admin` are forwarded to the webapplication "admin",
 with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must:

 * First, configure a router named `admin` with a rule matching at least the path prefix with the `PathPrefix` keyword,
-* Then, define a middleware of type [`stripprefix`](../../middlewares/stripprefix/), which remove the prefix `/admin`, associated to the router `admin`.
+* Then, define a middleware of type [`stripprefix`](../middlewares/stripprefix.md), which removes the prefix `/admin`, associated to the router `admin`.

 !!! example "Strip Path Prefix When Forwarding to Backend"

@@ -650,32 +815,32 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    
    ```toml tab="File (TOML)"
    # static configuration
-    defaultEntryPoints = ["web-secure","web"]
+    defaultEntryPoints = ["websecure","web"]
    
    [entryPoints.web]
    address = ":80"
      [entryPoints.web.redirect]
      entryPoint = "webs"
-    [entryPoints.web-secure]
+    [entryPoints.websecure]
      address = ":443"
-      [entryPoints.https.tls]
+      [entryPoints.websecure.tls]
    
    [acme]
      email = "your-email-here@my-awesome-app.org"
      storage = "acme.json"
-      entryPoint = "web-secure"
+      entryPoint = "websecure"
      onHostRule = true
      [acme.httpChallenge]
        entryPoint = "web"
    ```

    ```bash tab="CLI"
-    --defaultentrypoints=web-secure,web
-    --entryPoints=Name:web Address::80 Redirect.EntryPoint:web-secure
-    --entryPoints=Name:web-secure Address::443 TLS
+    --defaultentrypoints=websecure,web
+    --entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
+    --entryPoints=Name:websecure Address::443 TLS
    --acme.email=your-email-here@my-awesome-app.org
    --acme.storage=acme.json
-    --acme.entryPoint=web-secure
+    --acme.entryPoint=websecure
    --acme.onHostRule=true
    --acme.httpchallenge.entrypoint=http
    ```
@@ -688,13 +853,13 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
      [entryPoints.web]
        address = ":80"
    
-      [entryPoints.web-secure]
+      [entryPoints.websecure]
        address = ":443"
    
-    [certificatesResolvers.sample.acme]
+    [certificatesResolvers.myresolver.acme]
      email = "your-email@your-domain.org"
      storage = "acme.json"
-      [certificatesResolvers.sample.acme.httpChallenge]
+      [certificatesResolvers.myresolver.acme.httpChallenge]
        # used during the challenge
        entryPoint = "web"
    ```
@@ -704,11 +869,11 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
      web:
        address: ":80"
    
-      web-secure:
+      websecure:
        address: ":443"
    
    certificatesResolvers:
-      sample:
+      myresolver:
        acme:
          email: your-email@your-domain.org
          storage: acme.json
@@ -720,9 +885,9 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    ```bash tab="CLI"
    --entryPoints.web.address=:80
    --entryPoints.websecure.address=:443
-    --certificatesResolvers.sample.acme.email=your-email@your-domain.org
-    --certificatesResolvers.sample.acme.storage=acme.json
-    --certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
+    --certificatesResolvers.myresolver.acme.email=your-email@your-domain.org
+    --certificatesResolvers.myresolver.acme.storage=acme.json
+    --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
    ```

 ## Traefik Logs
@@ -901,7 +1066,7 @@ Each root item has been moved to a related section or removed.
    providersThrottleDuration = "2s"
    AllowMinWeightZero = true
    debug = true
-    defaultEntryPoints = ["web", "web-secure"]
+    defaultEntryPoints = ["web", "websecure"]
    keepTrailingSlash = false
    ```

@@ -915,7 +1080,7 @@ Each root item has been moved to a related section or removed.
    --providersthrottleduration=2s
    --allowminweightzero=true
    --debug=true
-    --defaultentrypoints=web,web-secure
+    --defaultentrypoints=web,websecure
    --keeptrailingslash=true
    ```

@@ -988,21 +1153,21 @@ As the dashboard access is now secured by default you can either:
    ## static configuration
    # traefik.toml
    
-    [entryPoints.web-secure]
+    [entryPoints.websecure]
      address = ":443"
-      [entryPoints.web-secure.tls]
-      [entryPoints.web-secure.auth]
-        [entryPoints.web-secure.auth.basic]
+      [entryPoints.websecure.tls]
+      [entryPoints.websecure.auth]
+        [entryPoints.websecure.auth.basic]
          users = [
            "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
          ]
    
    [api]
-      entryPoint = "web-secure"
+      entryPoint = "websecure"
    ```

    ```bash tab="CLI"
-    --entryPoints='Name:web-secure Address::443 TLS Auth.Basic.Users:test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'
+    --entryPoints='Name:websecure Address::443 TLS Auth.Basic.Users:test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'
    --api
    ```

@@ -1012,7 +1177,7 @@ As the dashboard access is now secured by default you can either:
    # dynamic configuration
    labels:
      - "traefik.http.routers.api.rule=Host(`traefik.docker.localhost`)"
-      - "traefik.http.routers.api.entrypoints=web-secured"
+      - "traefik.http.routers.api.entrypoints=websecured"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=myAuth"
      - "traefik.http.routers.api.tls"
@@ -1023,7 +1188,7 @@ As the dashboard access is now secured by default you can either:
    ## static configuration
    # traefik.toml
    
-    [entryPoints.web-secure]
+    [entryPoints.websecure]
      address = ":443"
    
    [api]
@@ -1038,7 +1203,7 @@ As the dashboard access is now secured by default you can either:
    
    [http.routers.api]
      rule = "Host(`traefik.docker.localhost`)"
-      entrypoints = ["web-secure"]
+      entrypoints = ["websecure"]
      service = "api@internal"
      middlewares = ["myAuth"]
      [http.routers.api.tls]
@@ -1054,7 +1219,7 @@ As the dashboard access is now secured by default you can either:
    # traefik.yaml
    
    entryPoints:
-      web-secure:
+      websecure:
        address: ':443'
        
    api: {}
@@ -1073,7 +1238,7 @@ As the dashboard access is now secured by default you can either:
        api:
          rule: Host(`traefik.docker.localhost`)
          entrypoints:
-            - web-secure
+            - websecure
          service: api@internal
          middlewares:
            - myAuth
--- a/docs/content/migration/v2.md
+++ b/docs/content/migration/v2.md
@@ -2,8 +2,11 @@

 ## v2.0 to v2.1

-In v2.1, a new CRD called `TraefikService` was added. While updating an installation to v2.1,
-it is required to apply that CRD before as well as enhance the existing `ClusterRole` definition to allow Traefik to use that CRD.
+### Kubernetes CRD
+
+In v2.1, a new Kubernetes CRD called `TraefikService` was added.
+While updating an installation to v2.1,
+one should apply that CRD, and update the existing `ClusterRole` definition to allow Traefik to use that CRD.

 To add that CRD and enhance the permissions, following definitions need to be applied to the cluster.

--- a/docs/content/observability/tracing/haystack.md
+++ b/docs/content/observability/tracing/haystack.md
@@ -40,24 +40,24 @@ tracing:

 #### `localAgentPort`

-_Require, Default=42699_
+_Require, Default=35000_

 Local Agent port instructs reporter to send spans to the haystack-agent at this port.

 ```toml tab="File (TOML)"
 [tracing]
  [tracing.haystack]
-    localAgentPort = 42699
+    localAgentPort = 35000
 ```

 ```yaml tab="File (YAML)"
 tracing:
  haystack:
-    localAgentPort: 42699
+    localAgentPort: 35000
 ```

 ```bash tab="CLI"
--tracing.haystack.localAgentPort=42699
+--tracing.haystack.localAgentPort=35000
 ```

 #### `globalTag`
@@ -91,61 +91,61 @@ Specifies the header name that will be used to store the trace ID.
 ```toml tab="File (TOML)"
 [tracing]
  [tracing.haystack]
-    traceIDHeaderName = "sample"
+    traceIDHeaderName = "Trace-ID"
 ```

 ```yaml tab="File (YAML)"
 tracing:
  haystack:
-    traceIDHeaderName: sample
+    traceIDHeaderName: Trace-ID
 ```

 ```bash tab="CLI"
--tracing.haystack.traceIDHeaderName=sample
+--tracing.haystack.traceIDHeaderName=Trace-ID
 ```

 #### `parentIDHeaderName`

 _Optional, Default=empty_

+Specifies the header name that will be used to store the parent ID.
+
+```toml tab="File (TOML)"
+[tracing]
+  [tracing.haystack]
+    parentIDHeaderName = "Parent-Message-ID"
+```
+
+```yaml tab="File (YAML)"
+tracing:
+  haystack:
+    parentIDHeaderName: Parent-Message-ID
+```
+
+```bash tab="CLI"
+--tracing.haystack.parentIDHeaderName=Parent-Message-ID
+```
+
+#### `spanIDHeaderName`
+
+_Optional, Default=empty_
+
 Specifies the header name that will be used to store the span ID.

 ```toml tab="File (TOML)"
 [tracing]
  [tracing.haystack]
-    parentIDHeaderName = "sample"
+    spanIDHeaderName = "Message-ID"
 ```

 ```yaml tab="File (YAML)"
 tracing:
  haystack:
-    parentIDHeaderName: "sample"
+    spanIDHeaderName: Message-ID
 ```

 ```bash tab="CLI"
--tracing.haystack.parentIDHeaderName=sample
-```
-
-#### `spanIDHeaderName`
-
-_Optional, Default=empty_
-
-Apply shared tag in a form of Key:Value to all the traces.
-
-```toml tab="File (TOML)"
-[tracing]
-  [tracing.haystack]
-    spanIDHeaderName = "sample:test"
-```
-
-```yaml tab="File (YAML)"
-tracing:
-  haystack:
-    spanIDHeaderName: "sample:test"
-```
-
-```bash tab="CLI"
--tracing.haystack.spanIDHeaderName=sample:test
+--tracing.haystack.spanIDHeaderName=Message-ID
 ```

 #### `baggagePrefixHeaderName`
--- a/docs/content/operations/include-api-examples.md
+++ b/docs/content/operations/include-api-examples.md
@@ -19,6 +19,30 @@ deploy:
    - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
 ```

+```yaml tab="Kubernetes CRD"
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: traefik-dashboard
+spec:
+  routes:
+  - match: Host(`traefik.domain.com`)
+    kind: Rule
+    services:
+    - name: api@internal
+      kind: TraefikService
+    middlewares:
+      - name: auth
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: auth
+spec:
+  basicAuth:
+    secret: secretName # Kubernetes secret named "secretName"
+```
+
 ```yaml tab="Consul Catalog"
 # Dynamic Configuration
 - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
--- a/docs/content/providers/consul-catalog.md
+++ b/docs/content/providers/consul-catalog.md
@@ -565,7 +565,7 @@ Constraints is an expression that Traefik matches against the service's tags to
 That is to say, if none of the service's tags match the expression, no route for that service is created.
 If the expression is empty, all detected services are included.

-The expression syntax is based on the `Tag("tag")`, and `TagRegex("tag")` functions,
+The expression syntax is based on the ```Tag(`tag`)```, and ```TagRegex(`tag`)``` functions,
 as well as the usual boolean logic, as shown in examples below.

 ??? example "Constraints Expression Examples"
--- a/docs/content/providers/docker.md
+++ b/docs/content/providers/docker.md
@@ -86,7 +86,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
 ## Routing Configuration

 When using Docker as a [provider](https://docs.traefik.io/providers/overview/),
-Trafik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.
+Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.

 See the list of labels in the dedicated [routing](../routing/providers/docker.md) section.

@@ -246,7 +246,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A

    services:
      traefik:
-         image: traefik:v2.0 # The official v2.0 Traefik docker image
+         image: traefik:v2.1 # The official v2 Traefik docker image
         ports:
           - "80:80"
         volumes:
--- a/docs/content/providers/file.md
+++ b/docs/content/providers/file.md
@@ -118,27 +118,35 @@ If you're in a hurry, maybe you'd rather go through the [dynamic configuration](
    
 ### `filename`

-Defines the path of the configuration file.
+Defines the path to the configuration file.
+
+!!! warning ""
+    `filename` and `directory` are mutually exclusive.
+    The recommendation is to use `directory`.

 ```toml tab="File (TOML)"
 [providers]
  [providers.file]
-    filename = "dynamic_conf.toml"
+    filename = "/path/to/config/dynamic_conf.toml"
 ```

 ```yaml tab="File (YAML)"
 providers:
  file:
-    filename: dynamic_conf.yml
+    filename: /path/to/config/dynamic_conf.yml
 ```

 ```bash tab="CLI"
--providers.file.filename=dynamic_conf.toml
+--providers.file.filename=/path/to/config/dynamic_conf.toml
 ```

 ### `directory`

-Defines the directory that contains the configuration files.
+Defines the path to the directory that contains the configuration files.
+
+!!! warning ""
+    `filename` and `directory` are mutually exclusive.
+    The recommendation is to use `directory`.

 ```toml tab="File (TOML)"
 [providers]
@@ -186,8 +194,11 @@ providers:
    Go Templating only works along with dedicated dynamic configuration files.
    Templating does not work in the Traefik main static configuration file.

-Traefik allows using Go templating.  
-Thus, it's possible to define easily lot of routers, services and TLS certificates as described in the file `template-rules.toml` :
+Traefik allows using Go templating,
+it must be a valid [Go template](https://golang.org/pkg/text/template/),
+augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
+
+Thus, it's possible to define easily lot of routers, services and TLS certificates as described in the following examples:

 ??? example "Configuring Using Templating"
    
@@ -197,7 +208,7 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
    
      [http.routers]
      {{ range $i, $e := until 100 }}
-        [http.routers.router{{ $e }}]
+        [http.routers.router{{ $e }}-{{ env "MY_ENV_VAR" }}]
        # ...
      {{ end }}  
      
@@ -239,40 +250,38 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
    
    ```yaml tab="YAML"
    http:
-    
-    {{range $i, $e := until 100 }}
      routers:
-        router{{ $e }:
+        {{range $i, $e := until 100 }}
+        router{{ $e }}-{{ env "MY_ENV_VAR" }}:
          # ...
-    {{end}}
+        {{end}}
    
-    {{range $i, $e := until 100 }}
      services:
+        {{range $i, $e := until 100 }}
        application{{ $e }}:
          # ...
-    {{end}}
+        {{end}}
    
    tcp:
-    
-    {{range $i, $e := until 100 }}
      routers:
-        router{{ $e }:
+        {{range $i, $e := until 100 }}
+        router{{ $e }}:
          # ...
-    {{end}}
+        {{end}}
    
-    {{range $i, $e := until 100 }}
      services:
+        {{range $i, $e := until 100 }}
        service{{ $e }}:
          # ...
-    {{end}}
+        {{end}}
    
-    {{ range $i, $e := until 10 }}
    tls:
      certificates:
+      {{ range $i, $e := until 10 }}
      - certFile: "/etc/traefik/cert-{{ $e }}.pem"
        keyFile: "/etc/traefik/cert-{{ $e }}.key"
        store:
        - "my-store-foo-{{ $e }}"
        - "my-store-bar-{{ $e }}"
-    {{end}}
+      {{end}}
    ```
--- a/docs/content/providers/kubernetes-crd.md
+++ b/docs/content/providers/kubernetes-crd.md
@@ -8,9 +8,43 @@ Traefik used to support Kubernetes only through the [Kubernetes Ingress provider
 However, as the community expressed the need to benefit from Traefik features without resorting to (lots of) annotations,
 we ended up writing a [Custom Resource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) (alias CRD in the following) for an IngressRoute type, defined below, in order to provide a better way to configure access to a Kubernetes cluster.

+## Configuration Requirements
+
+!!! tip "All Steps for a Successful Deployment"
+
+    * Add/update **all** the Traefik resources [definitions](../reference/dynamic-configuration/kubernetes-crd.md#definitions)
+    * Add/update the [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for the Traefik custom resources
+    * Use [Helm Chart](../getting-started/install-traefik.md#use-the-helm-chart) or use a custom Traefik Deployment 
+        * Enable the kubernetesCRD provider
+        * Apply the needed kubernetesCRD provider [configuration](#provider-configuration)
+    * Add all needed traefik custom [resources](../reference/dynamic-configuration/kubernetes-crd.md#resources)
+ 
+??? example "Initializing Resource Definition and RBAC"
+
+    ```yaml tab="Traefik Resource Definition"
+    # All resources definition must be declared
+    --8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition.yml"
+    ```
+
+    ```yaml tab="RBAC for Traefik CRD"
+    --8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
+    ```
+
 ## Resource Configuration

-See the dedicated section in [routing](../routing/providers/kubernetes-crd.md).
+When using KubernetesCRD as a provider,
+Traefik uses [Custom Resource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) to retrieve its routing configuration.
+Traefik Custom Resource Definitions are a Kubernetes implementation of the Traefik concepts. The main particularities are:
+
+* The usage of `name` **and** `namespace` to refer to another Kubernetes resource.
+* The usage of [secret](https://kubernetes.io/docs/concepts/configuration/secret/) for sensible data like:
+    * TLS certificate.
+    * Authentication data.
+* The structure of the configuration.
+* The obligation to declare all the [definitions](../reference/dynamic-configuration/kubernetes-crd.md#definitions).
+
+The Traefik CRD are building blocks which you can assemble according to your needs.
+See the list of CRDs in the dedicated [routing section](../routing/providers/kubernetes-crd.md).

 ## LetsEncrypt Support with the Custom Resource Definition Provider

@@ -26,7 +60,7 @@ If you require LetsEncrypt with HA in a kubernetes environment, we recommend usi
 If you are wanting to continue to run Traefik Community Edition, LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
 When using Cert-Manager to manage certificates, it will create secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
 When using the Traefik Kubernetes CRD Provider, unfortunately Cert-Manager cannot interface directly with the CRDs _yet_, but this is being worked on by our team.
-A workaround it to enable the [Kubernetes Ingress provider](./kubernetes-ingress.md) to allow Cert-Manager to create ingress objects to complete the challenges.
+A workaround is to enable the [Kubernetes Ingress provider](./kubernetes-ingress.md) to allow Cert-Manager to create ingress objects to complete the challenges.
 Please note that this still requires manual intervention to create the certificates through Cert-Manager, but once created, Cert-Manager will keep the certificate renewed.

 ## Provider Configuration
--- a/docs/content/providers/kubernetes-ingress.md
+++ b/docs/content/providers/kubernetes-ingress.md
@@ -23,7 +23,9 @@ providers:
 --providers.kubernetesingress=true
 ```

-The provider then watches for incoming ingresses events, such as the example below, and derives the corresponding dynamic configuration from it, which in turn will create the resulting routers, services, handlers, etc.
+The provider then watches for incoming ingresses events, such as the example below,
+and derives the corresponding dynamic configuration from it,
+which in turn will create the resulting routers, services, handlers, etc.

 ```yaml tab="File (YAML)"
 kind: Ingress
@@ -49,17 +51,26 @@ spec:

 ## LetsEncrypt Support with the Ingress Provider

-By design, Traefik is a stateless application, meaning that it only derives its configuration from the environment it runs in, without additional configuration.
-For this reason, users can run multiple instances of Traefik at the same time to achieve HA, as is a common pattern in the kubernetes ecosystem.
+By design, Traefik is a stateless application,
+meaning that it only derives its configuration from the environment it runs in,
+without additional configuration.
+For this reason, users can run multiple instances of Traefik at the same time to achieve HA,
+as is a common pattern in the kubernetes ecosystem.

-When using a single instance of Traefik with LetsEncrypt, no issues should be encountered, however this could be a single point of failure.
-Unfortunately, it is not possible to run multiple instances of Traefik 2.0 with LetsEncrypt enabled, because there is no way to ensure that the correct instance of Traefik will receive the challenge request, and subsequent responses.
-Previous versions of Traefik used a [KV store](https://docs.traefik.io/v1.7/configuration/acme/#storage) to attempt to achieve this, but due to sub-optimal performance was dropped as a feature in 2.0.
+When using a single instance of Traefik with LetsEncrypt, no issues should be encountered,
+however this could be a single point of failure.
+Unfortunately, it is not possible to run multiple instances of Traefik 2.0 with LetsEncrypt enabled,
+because there is no way to ensure that the correct instance of Traefik will receive the challenge request, and subsequent responses.
+Previous versions of Traefik used a [KV store](https://docs.traefik.io/v1.7/configuration/acme/#storage) to attempt to achieve this,
+but due to sub-optimal performance was dropped as a feature in 2.0.

-If you require LetsEncrypt with HA in a kubernetes environment, we recommend using [TraefikEE](https://containo.us/traefikee/) where distributed LetsEncrypt is a supported feature.
+If you require LetsEncrypt with HA in a kubernetes environment,
+we recommend using [TraefikEE](https://containo.us/traefikee/) where distributed LetsEncrypt is a supported feature.

-If you are wanting to continue to run Traefik Community Edition, LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
-When using Cert-Manager to manage certificates, it will create secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
+If you are wanting to continue to run Traefik Community Edition,
+LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
+When using Cert-Manager to manage certificates,
+it will create secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).

 ## Provider Configuration

@@ -93,7 +104,8 @@ They are both provided automatically as mounts in the pod where Traefik is deplo

 When the environment variables are not found, Traefik tries to connect to the Kubernetes API server with an external-cluster client.
 In which case, the endpoint is required.
-Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
+Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication
+and authorization of the associated kubeconfig.

 ### `token`

@@ -298,7 +310,7 @@ _Optional, Default: empty_

 ```toml tab="File (TOML)"
 [providers.kubernetesIngress.ingressEndpoint]
-  publishedService = "foo-service"
+  publishedService = "namespace/foo-service"
  # ...
 ```

@@ -306,15 +318,16 @@ _Optional, Default: empty_
 providers:
  kubernetesIngress:
    ingressEndpoint:
-      publishedService: "foo-service"
+      publishedService: "namespace/foo-service"
    # ...
 ```

 ```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.publishedservice=foo-service
+--providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service
 ```

 Published Kubernetes Service to copy status from.
+Format: `namespace/servicename`.

 ### `throttleDuration`

@@ -339,4 +352,5 @@ providers:

 ## Further

-If one wants to know more about the various aspects of the Ingress spec that Traefik supports, many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+If one wants to know more about the various aspects of the Ingress spec that Traefik supports,
+many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
--- a/docs/content/reference/dynamic-configuration/docker-labels.yml
+++ b/docs/content/reference/dynamic-configuration/docker-labels.yml
@@ -12,100 +12,102 @@
 - "traefik.http.middlewares.middleware03.chain.middlewares=foobar, foobar"
 - "traefik.http.middlewares.middleware04.circuitbreaker.expression=foobar"
 - "traefik.http.middlewares.middleware05.compress=true"
- "traefik.http.middlewares.middleware06.digestauth.headerfield=foobar"
- "traefik.http.middlewares.middleware06.digestauth.realm=foobar"
- "traefik.http.middlewares.middleware06.digestauth.removeheader=true"
- "traefik.http.middlewares.middleware06.digestauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware06.digestauth.usersfile=foobar"
- "traefik.http.middlewares.middleware07.errors.query=foobar"
- "traefik.http.middlewares.middleware07.errors.service=foobar"
- "traefik.http.middlewares.middleware07.errors.status=foobar, foobar"
- "traefik.http.middlewares.middleware08.forwardauth.address=foobar"
- "traefik.http.middlewares.middleware08.forwardauth.authresponseheaders=foobar, foobar"
- "traefik.http.middlewares.middleware08.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware08.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware08.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.middleware08.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.middleware08.forwardauth.tls.key=foobar"
- "traefik.http.middlewares.middleware08.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.middleware09.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.middleware09.headers.accesscontrolallowheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.accesscontrolallowmethods=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.accesscontrolalloworigin=foobar"
- "traefik.http.middlewares.middleware09.headers.accesscontrolexposeheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.accesscontrolmaxage=42"
- "traefik.http.middlewares.middleware09.headers.addvaryheader=true"
- "traefik.http.middlewares.middleware09.headers.allowedhosts=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.browserxssfilter=true"
- "traefik.http.middlewares.middleware09.headers.contentsecuritypolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.contenttypenosniff=true"
- "traefik.http.middlewares.middleware09.headers.custombrowserxssvalue=foobar"
- "traefik.http.middlewares.middleware09.headers.customframeoptionsvalue=foobar"
- "traefik.http.middlewares.middleware09.headers.customrequestheaders.name0=foobar"
- "traefik.http.middlewares.middleware09.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware09.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware09.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware09.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware09.headers.framedeny=true"
- "traefik.http.middlewares.middleware09.headers.hostsproxyheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.isdevelopment=true"
- "traefik.http.middlewares.middleware09.headers.publickey=foobar"
- "traefik.http.middlewares.middleware09.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware09.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware09.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.middleware09.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.middleware09.headers.sslredirect=true"
- "traefik.http.middlewares.middleware09.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.middleware09.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware09.headers.stspreload=true"
- "traefik.http.middlewares.middleware09.headers.stsseconds=42"
- "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware10.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware11.inflightreq.amount=42"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.pem=true"
- "traefik.http.middlewares.middleware13.ratelimit.average=42"
- "traefik.http.middlewares.middleware13.ratelimit.burst=42"
- "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware14.redirectregex.permanent=true"
- "traefik.http.middlewares.middleware14.redirectregex.regex=foobar"
- "traefik.http.middlewares.middleware14.redirectregex.replacement=foobar"
- "traefik.http.middlewares.middleware15.redirectscheme.permanent=true"
- "traefik.http.middlewares.middleware15.redirectscheme.port=foobar"
- "traefik.http.middlewares.middleware15.redirectscheme.scheme=foobar"
- "traefik.http.middlewares.middleware16.replacepath.path=foobar"
- "traefik.http.middlewares.middleware17.replacepathregex.regex=foobar"
- "traefik.http.middlewares.middleware17.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware18.retry.attempts=42"
- "traefik.http.middlewares.middleware19.stripprefix.forceslash=true"
- "traefik.http.middlewares.middleware19.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware20.stripprefixregex.regex=foobar, foobar"
+- "traefik.http.middlewares.middleware05.compress.excludedcontenttypes=foobar, foobar"
+- "traefik.http.middlewares.middleware06.contenttype.autodetect=true"
+- "traefik.http.middlewares.middleware07.digestauth.headerfield=foobar"
+- "traefik.http.middlewares.middleware07.digestauth.realm=foobar"
+- "traefik.http.middlewares.middleware07.digestauth.removeheader=true"
+- "traefik.http.middlewares.middleware07.digestauth.users=foobar, foobar"
+- "traefik.http.middlewares.middleware07.digestauth.usersfile=foobar"
+- "traefik.http.middlewares.middleware08.errors.query=foobar"
+- "traefik.http.middlewares.middleware08.errors.service=foobar"
+- "traefik.http.middlewares.middleware08.errors.status=foobar, foobar"
+- "traefik.http.middlewares.middleware09.forwardauth.address=foobar"
+- "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
+- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
+- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
+- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
+- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
+- "traefik.http.middlewares.middleware09.forwardauth.trustforwardheader=true"
+- "traefik.http.middlewares.middleware10.headers.accesscontrolallowcredentials=true"
+- "traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods=foobar, foobar"
+- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworigin=foobar"
+- "traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware10.headers.accesscontrolmaxage=42"
+- "traefik.http.middlewares.middleware10.headers.addvaryheader=true"
+- "traefik.http.middlewares.middleware10.headers.allowedhosts=foobar, foobar"
+- "traefik.http.middlewares.middleware10.headers.browserxssfilter=true"
+- "traefik.http.middlewares.middleware10.headers.contentsecuritypolicy=foobar"
+- "traefik.http.middlewares.middleware10.headers.contenttypenosniff=true"
+- "traefik.http.middlewares.middleware10.headers.custombrowserxssvalue=foobar"
+- "traefik.http.middlewares.middleware10.headers.customframeoptionsvalue=foobar"
+- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name0=foobar"
+- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
+- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
+- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
+- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar"
+- "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
+- "traefik.http.middlewares.middleware10.headers.framedeny=true"
+- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware10.headers.isdevelopment=true"
+- "traefik.http.middlewares.middleware10.headers.publickey=foobar"
+- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
+- "traefik.http.middlewares.middleware10.headers.sslforcehost=true"
+- "traefik.http.middlewares.middleware10.headers.sslhost=foobar"
+- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
+- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
+- "traefik.http.middlewares.middleware10.headers.sslredirect=true"
+- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true"
+- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
+- "traefik.http.middlewares.middleware10.headers.stspreload=true"
+- "traefik.http.middlewares.middleware10.headers.stsseconds=42"
+- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar"
+- "traefik.http.middlewares.middleware12.inflightreq.amount=42"
+- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requestheadername=foobar"
+- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requesthost=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.commonname=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.country=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.domaincomponent=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.locality=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.organization=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.province=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.serialnumber=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.sans=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.locality=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organization=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber=true"
+- "traefik.http.middlewares.middleware13.passtlsclientcert.pem=true"
+- "traefik.http.middlewares.middleware14.ratelimit.average=42"
+- "traefik.http.middlewares.middleware14.ratelimit.burst=42"
+- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requestheadername=foobar"
+- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requesthost=true"
+- "traefik.http.middlewares.middleware15.redirectregex.permanent=true"
+- "traefik.http.middlewares.middleware15.redirectregex.regex=foobar"
+- "traefik.http.middlewares.middleware15.redirectregex.replacement=foobar"
+- "traefik.http.middlewares.middleware16.redirectscheme.permanent=true"
+- "traefik.http.middlewares.middleware16.redirectscheme.port=foobar"
+- "traefik.http.middlewares.middleware16.redirectscheme.scheme=foobar"
+- "traefik.http.middlewares.middleware17.replacepath.path=foobar"
+- "traefik.http.middlewares.middleware18.replacepathregex.regex=foobar"
+- "traefik.http.middlewares.middleware18.replacepathregex.replacement=foobar"
+- "traefik.http.middlewares.middleware19.retry.attempts=42"
+- "traefik.http.middlewares.middleware20.stripprefix.forceslash=true"
+- "traefik.http.middlewares.middleware20.stripprefix.prefixes=foobar, foobar"
+- "traefik.http.middlewares.middleware21.stripprefixregex.regex=foobar, foobar"
 - "traefik.http.routers.router0.entrypoints=foobar, foobar"
 - "traefik.http.routers.router0.middlewares=foobar, foobar"
 - "traefik.http.routers.router0.priority=42"
--- a/docs/content/reference/dynamic-configuration/file.toml
+++ b/docs/content/reference/dynamic-configuration/file.toml
@@ -113,31 +113,35 @@
        expression = "foobar"
    [http.middlewares.Middleware05]
      [http.middlewares.Middleware05.compress]
+        excludedContentTypes = ["foobar", "foobar"]
    [http.middlewares.Middleware06]
-      [http.middlewares.Middleware06.digestAuth]
+      [http.middlewares.Middleware06.contentType]
+        autoDetect = true
+    [http.middlewares.Middleware07]
+      [http.middlewares.Middleware07.digestAuth]
        users = ["foobar", "foobar"]
        usersFile = "foobar"
        removeHeader = true
        realm = "foobar"
        headerField = "foobar"
-    [http.middlewares.Middleware07]
-      [http.middlewares.Middleware07.errors]
+    [http.middlewares.Middleware08]
+      [http.middlewares.Middleware08.errors]
        status = ["foobar", "foobar"]
        service = "foobar"
        query = "foobar"
-    [http.middlewares.Middleware08]
-      [http.middlewares.Middleware08.forwardAuth]
+    [http.middlewares.Middleware09]
+      [http.middlewares.Middleware09.forwardAuth]
        address = "foobar"
        trustForwardHeader = true
        authResponseHeaders = ["foobar", "foobar"]
-        [http.middlewares.Middleware08.forwardAuth.tls]
+        [http.middlewares.Middleware09.forwardAuth.tls]
          ca = "foobar"
          caOptional = true
          cert = "foobar"
          key = "foobar"
          insecureSkipVerify = true
-    [http.middlewares.Middleware09]
-      [http.middlewares.Middleware09.headers]
+    [http.middlewares.Middleware10]
+      [http.middlewares.Middleware10.headers]
        accessControlAllowCredentials = true
        accessControlAllowHeaders = ["foobar", "foobar"]
        accessControlAllowMethods = ["foobar", "foobar"]
@@ -165,38 +169,38 @@
        referrerPolicy = "foobar"
        featurePolicy = "foobar"
        isDevelopment = true
-        [http.middlewares.Middleware09.headers.customRequestHeaders]
+        [http.middlewares.Middleware10.headers.customRequestHeaders]
          name0 = "foobar"
          name1 = "foobar"
-        [http.middlewares.Middleware09.headers.customResponseHeaders]
+        [http.middlewares.Middleware10.headers.customResponseHeaders]
          name0 = "foobar"
          name1 = "foobar"
-        [http.middlewares.Middleware09.headers.sslProxyHeaders]
+        [http.middlewares.Middleware10.headers.sslProxyHeaders]
          name0 = "foobar"
          name1 = "foobar"
-    [http.middlewares.Middleware10]
-      [http.middlewares.Middleware10.ipWhiteList]
+    [http.middlewares.Middleware11]
+      [http.middlewares.Middleware11.ipWhiteList]
        sourceRange = ["foobar", "foobar"]
-        [http.middlewares.Middleware10.ipWhiteList.ipStrategy]
+        [http.middlewares.Middleware11.ipWhiteList.ipStrategy]
          depth = 42
          excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware11]
-      [http.middlewares.Middleware11.inFlightReq]
+    [http.middlewares.Middleware12]
+      [http.middlewares.Middleware12.inFlightReq]
        amount = 42
-        [http.middlewares.Middleware11.inFlightReq.sourceCriterion]
+        [http.middlewares.Middleware12.inFlightReq.sourceCriterion]
          requestHeaderName = "foobar"
          requestHost = true
-          [http.middlewares.Middleware11.inFlightReq.sourceCriterion.ipStrategy]
+          [http.middlewares.Middleware12.inFlightReq.sourceCriterion.ipStrategy]
            depth = 42
            excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware12]
-      [http.middlewares.Middleware12.passTLSClientCert]
+    [http.middlewares.Middleware13]
+      [http.middlewares.Middleware13.passTLSClientCert]
        pem = true
-        [http.middlewares.Middleware12.passTLSClientCert.info]
+        [http.middlewares.Middleware13.passTLSClientCert.info]
          notAfter = true
          notBefore = true
          sans = true
-          [http.middlewares.Middleware12.passTLSClientCert.info.subject]
+          [http.middlewares.Middleware13.passTLSClientCert.info.subject]
            country = true
            province = true
            locality = true
@@ -204,7 +208,7 @@
            commonName = true
            serialNumber = true
            domainComponent = true
-          [http.middlewares.Middleware12.passTLSClientCert.info.issuer]
+          [http.middlewares.Middleware13.passTLSClientCert.info.issuer]
            country = true
            province = true
            locality = true
@@ -212,42 +216,42 @@
            commonName = true
            serialNumber = true
            domainComponent = true
-    [http.middlewares.Middleware13]
-      [http.middlewares.Middleware13.rateLimit]
+    [http.middlewares.Middleware14]
+      [http.middlewares.Middleware14.rateLimit]
        average = 42
        burst = 42
-        [http.middlewares.Middleware13.rateLimit.sourceCriterion]
+        [http.middlewares.Middleware14.rateLimit.sourceCriterion]
          requestHeaderName = "foobar"
          requestHost = true
-          [http.middlewares.Middleware13.rateLimit.sourceCriterion.ipStrategy]
+          [http.middlewares.Middleware14.rateLimit.sourceCriterion.ipStrategy]
            depth = 42
            excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware14]
-      [http.middlewares.Middleware14.redirectRegex]
+    [http.middlewares.Middleware15]
+      [http.middlewares.Middleware15.redirectRegex]
        regex = "foobar"
        replacement = "foobar"
        permanent = true
-    [http.middlewares.Middleware15]
-      [http.middlewares.Middleware15.redirectScheme]
+    [http.middlewares.Middleware16]
+      [http.middlewares.Middleware16.redirectScheme]
        scheme = "foobar"
        port = "foobar"
        permanent = true
-    [http.middlewares.Middleware16]
-      [http.middlewares.Middleware16.replacePath]
-        path = "foobar"
    [http.middlewares.Middleware17]
-      [http.middlewares.Middleware17.replacePathRegex]
+      [http.middlewares.Middleware17.replacePath]
+        path = "foobar"
+    [http.middlewares.Middleware18]
+      [http.middlewares.Middleware18.replacePathRegex]
        regex = "foobar"
        replacement = "foobar"
-    [http.middlewares.Middleware18]
-      [http.middlewares.Middleware18.retry]
-        attempts = 42
    [http.middlewares.Middleware19]
-      [http.middlewares.Middleware19.stripPrefix]
+      [http.middlewares.Middleware19.retry]
+        attempts = 42
+    [http.middlewares.Middleware20]
+      [http.middlewares.Middleware20.stripPrefix]
        prefixes = ["foobar", "foobar"]
        forceSlash = true
-    [http.middlewares.Middleware20]
-      [http.middlewares.Middleware20.stripPrefixRegex]
+    [http.middlewares.Middleware21]
+      [http.middlewares.Middleware21.stripPrefixRegex]
        regex = ["foobar", "foobar"]

 [tcp]
@@ -321,8 +325,8 @@
      minVersion = "foobar"
      maxVersion = "foobar"
      cipherSuites = ["foobar", "foobar"]
-      sniStrict = true
      curvePreferences = ["foobar", "foobar"]
+      sniStrict = true
      [tls.options.Options0.clientAuth]
        caFiles = ["foobar", "foobar"]
        clientAuthType = "foobar"
@@ -330,8 +334,8 @@
      minVersion = "foobar"
      maxVersion = "foobar"
      cipherSuites = ["foobar", "foobar"]
-      sniStrict = true
      curvePreferences = ["foobar", "foobar"]
+      sniStrict = true
      [tls.options.Options1.clientAuth]
        caFiles = ["foobar", "foobar"]
        clientAuthType = "foobar"
--- a/docs/content/reference/dynamic-configuration/file.yaml
+++ b/docs/content/reference/dynamic-configuration/file.yaml
@@ -117,8 +117,14 @@ http:
      circuitBreaker:
        expression: foobar
    Middleware05:
-      compress: {}
+      compress:
+        excludedContentTypes:
+        - foobar
+        - foobar
    Middleware06:
+      contentType:
+        autoDetect: true
+    Middleware07:
      digestAuth:
        users:
        - foobar
@@ -127,14 +133,14 @@ http:
        removeHeader: true
        realm: foobar
        headerField: foobar
-    Middleware07:
+    Middleware08:
      errors:
        status:
        - foobar
        - foobar
        service: foobar
        query: foobar
-    Middleware08:
+    Middleware09:
      forwardAuth:
        address: foobar
        tls:
@@ -147,7 +153,7 @@ http:
        authResponseHeaders:
        - foobar
        - foobar
-    Middleware09:
+    Middleware10:
      headers:
        customRequestHeaders:
          name0: foobar
@@ -195,7 +201,7 @@ http:
        referrerPolicy: foobar
        featurePolicy: foobar
        isDevelopment: true
-    Middleware10:
+    Middleware11:
      ipWhiteList:
        sourceRange:
        - foobar
@@ -205,7 +211,7 @@ http:
          excludedIPs:
          - foobar
          - foobar
-    Middleware11:
+    Middleware12:
      inFlightReq:
        amount: 42
        sourceCriterion:
@@ -216,7 +222,7 @@ http:
            - foobar
          requestHeaderName: foobar
          requestHost: true
-    Middleware12:
+    Middleware13:
      passTLSClientCert:
        pem: true
        info:
@@ -239,7 +245,7 @@ http:
            commonName: true
            serialNumber: true
            domainComponent: true
-    Middleware13:
+    Middleware14:
      rateLimit:
        average: 42
        burst: 42
@@ -251,33 +257,33 @@ http:
            - foobar
          requestHeaderName: foobar
          requestHost: true
-    Middleware14:
+    Middleware15:
      redirectRegex:
        regex: foobar
        replacement: foobar
        permanent: true
-    Middleware15:
+    Middleware16:
      redirectScheme:
        scheme: foobar
        port: foobar
        permanent: true
-    Middleware16:
+    Middleware17:
      replacePath:
        path: foobar
-    Middleware17:
+    Middleware18:
      replacePathRegex:
        regex: foobar
        replacement: foobar
-    Middleware18:
+    Middleware19:
      retry:
        attempts: 42
-    Middleware19:
+    Middleware20:
      stripPrefix:
        prefixes:
        - foobar
        - foobar
        forceSlash: true
-    Middleware20:
+    Middleware21:
      stripPrefixRegex:
        regex:
        - foobar
@@ -353,8 +359,8 @@ tls:
      minVersion: foobar
      maxVersion: foobar
      cipherSuites:
-        - foobar
-        - foobar
+      - foobar
+      - foobar
      curvePreferences:
      - foobar
      - foobar
@@ -368,8 +374,8 @@ tls:
      minVersion: foobar
      maxVersion: foobar
      cipherSuites:
-        - foobar
-        - foobar
+      - foobar
+      - foobar
      curvePreferences:
      - foobar
      - foobar
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition.yml
@@ -0,0 +1,73 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutes.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRoute
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: middlewares.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: Middleware
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutetcps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteTCP
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsoptions.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSOption
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: traefikservices.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-ingressroutetcp-definition.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-ingressroutetcp-definition.yml
@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutetcps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteTCP
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
@@ -0,0 +1,57 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: traefik-ingress-controller
+
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - traefik.containo.us
+    resources:
+      - middlewares
+      - ingressroutes
+      - traefikservices
+      - ingressroutetcps
+      - tlsoptions
+    verbs:
+      - get
+      - list
+      - watch
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: traefik-ingress-controller
+
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ingress-controller
+subjects:
+  - kind: ServiceAccount
+    name: traefik-ingress-controller
+    namespace: default
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
@@ -0,0 +1,157 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: wrr2
+  namespace: default
+
+spec:
+  weighted:
+    services:
+      - name: s1
+        weight: 1
+        port: 80
+        # Optional, as it is the default value
+        kind: Service
+      - name: s3
+        weight: 1
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: wrr1
+  namespace: default
+
+spec:
+  weighted:
+    services:
+      - name: wrr2
+        kind: TraefikService
+        weight: 1
+      - name: s3
+        weight: 1
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: mirror1
+  namespace: default
+
+spec:
+  mirroring:
+    name: s1
+    port: 80
+    mirrors:
+      - name: s3
+        percent: 20
+        port: 80
+      - name: mirror2
+        kind: TraefikService
+        percent: 20
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: mirror2
+  namespace: default
+
+spec:
+  mirroring:
+    name: wrr2
+    kind: TraefikService
+    mirrors:
+      - name: s2
+        # Optional, as it is the default value
+        kind: Service
+        percent: 20
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ingressroute
+spec:
+  entryPoints:
+    - web
+    - websecure
+  routes:
+    - match: Host(`foo.com`) && PathPrefix(`/bar`)
+      kind: Rule
+      priority: 12
+      # defining several services is possible and allowed, but for now the servers of
+      # all the services (for a given route) get merged altogether under the same
+      # load-balancing strategy.
+      services:
+        - name: s1
+          port: 80
+          healthCheck:
+            path: /health
+            host: baz.com
+            intervalSeconds: 7
+            timeoutSeconds: 60
+          # strategy defines the load balancing strategy between the servers. It defaults
+          # to Round Robin, and for now only Round Robin is supported anyway.
+          strategy: RoundRobin
+        - name: s2
+          port: 433
+          healthCheck:
+            path: /health
+            host: baz.com
+            intervalSeconds: 7
+            timeoutSeconds: 60
+    - match: PathPrefix(`/misc`)
+      services:
+        - name: s3
+          port: 80
+      middlewares:
+        - name: stripprefix
+        - name: addprefix
+    - match: PathPrefix(`/misc`)
+      services:
+        - name: s3
+          # Optional, as it is the default value
+          kind: Service
+          port: 8443
+          # scheme allow to override the scheme for the service. (ex: https or h2c)
+          scheme: https
+    - match: PathPrefix(`/lb`)
+      services:
+        - name: wrr1
+          kind: TraefikService
+    - match: PathPrefix(`/mirrored`)
+      services:
+        - name: mirror1
+          kind: TraefikService
+  # use an empty tls object for TLS with Let's Encrypt
+  tls:
+    secretName: supersecret
+    options:
+      name: myTLSOption
+      namespace: default
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: ingressroutetcp.crd
+  namespace: default
+
+spec:
+  entryPoints:
+    - footcp
+  routes:
+    - match: HostSNI(`bar.com`)
+      services:
+        - name: whoamitcp
+          port: 8080
+  tls:
+    secretName: foosecret
+    passthrough: false
+    options:
+      name: myTLSOption
+      namespace: default
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd.md
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd.md
@@ -3,6 +3,20 @@
 Dynamic configuration with Kubernetes Custom Resource
 {: .subtitle }

+## Definitions
+
 ```yaml
--8<-- "content/reference/dynamic-configuration/kubernetes-crd.yml"
+--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition.yml"
+```
+
+## Resources
+
+```yaml
+--8<-- "content/reference/dynamic-configuration/kubernetes-crd-resource.yml"
+```
+
+## RBAC
+
+```yaml
+--8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
 ```
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd.yml
@@ -152,7 +152,7 @@ metadata:
 spec:
  entryPoints:
    - web
-    - web-secure
+    - websecure
  routes:
    - match: Host(`foo.com`) && PathPrefix(`/bar`)
      kind: Rule
--- a/docs/content/reference/dynamic-configuration/marathon-labels.json
+++ b/docs/content/reference/dynamic-configuration/marathon-labels.json
@@ -12,100 +12,102 @@
 "traefik.http.middlewares.middleware03.chain.middlewares": "foobar, foobar",
 "traefik.http.middlewares.middleware04.circuitbreaker.expression": "foobar",
 "traefik.http.middlewares.middleware05.compress": "true",
-"traefik.http.middlewares.middleware06.digestauth.headerfield": "foobar",
-"traefik.http.middlewares.middleware06.digestauth.realm": "foobar",
-"traefik.http.middlewares.middleware06.digestauth.removeheader": "true",
-"traefik.http.middlewares.middleware06.digestauth.users": "foobar, foobar",
-"traefik.http.middlewares.middleware06.digestauth.usersfile": "foobar",
-"traefik.http.middlewares.middleware07.errors.query": "foobar",
-"traefik.http.middlewares.middleware07.errors.service": "foobar",
-"traefik.http.middlewares.middleware07.errors.status": "foobar, foobar",
-"traefik.http.middlewares.middleware08.forwardauth.address": "foobar",
-"traefik.http.middlewares.middleware08.forwardauth.authresponseheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware08.forwardauth.tls.ca": "foobar",
-"traefik.http.middlewares.middleware08.forwardauth.tls.caoptional": "true",
-"traefik.http.middlewares.middleware08.forwardauth.tls.cert": "foobar",
-"traefik.http.middlewares.middleware08.forwardauth.tls.insecureskipverify": "true",
-"traefik.http.middlewares.middleware08.forwardauth.tls.key": "foobar",
-"traefik.http.middlewares.middleware08.forwardauth.trustforwardheader": "true",
-"traefik.http.middlewares.middleware09.headers.accesscontrolallowcredentials": "true",
-"traefik.http.middlewares.middleware09.headers.accesscontrolallowheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware09.headers.accesscontrolallowmethods": "foobar, foobar",
-"traefik.http.middlewares.middleware09.headers.accesscontrolalloworigin": "foobar",
-"traefik.http.middlewares.middleware09.headers.accesscontrolexposeheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware09.headers.accesscontrolmaxage": "42",
-"traefik.http.middlewares.middleware09.headers.addvaryheader": "true",
-"traefik.http.middlewares.middleware09.headers.allowedhosts": "foobar, foobar",
-"traefik.http.middlewares.middleware09.headers.browserxssfilter": "true",
-"traefik.http.middlewares.middleware09.headers.contentsecuritypolicy": "foobar",
-"traefik.http.middlewares.middleware09.headers.contenttypenosniff": "true",
-"traefik.http.middlewares.middleware09.headers.custombrowserxssvalue": "foobar",
-"traefik.http.middlewares.middleware09.headers.customframeoptionsvalue": "foobar",
-"traefik.http.middlewares.middleware09.headers.customrequestheaders.name0": "foobar",
-"traefik.http.middlewares.middleware09.headers.customrequestheaders.name1": "foobar",
-"traefik.http.middlewares.middleware09.headers.customresponseheaders.name0": "foobar",
-"traefik.http.middlewares.middleware09.headers.customresponseheaders.name1": "foobar",
-"traefik.http.middlewares.middleware09.headers.featurepolicy": "foobar",
-"traefik.http.middlewares.middleware09.headers.forcestsheader": "true",
-"traefik.http.middlewares.middleware09.headers.framedeny": "true",
-"traefik.http.middlewares.middleware09.headers.hostsproxyheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware09.headers.isdevelopment": "true",
-"traefik.http.middlewares.middleware09.headers.publickey": "foobar",
-"traefik.http.middlewares.middleware09.headers.referrerpolicy": "foobar",
-"traefik.http.middlewares.middleware09.headers.sslforcehost": "true",
-"traefik.http.middlewares.middleware09.headers.sslhost": "foobar",
-"traefik.http.middlewares.middleware09.headers.sslproxyheaders.name0": "foobar",
-"traefik.http.middlewares.middleware09.headers.sslproxyheaders.name1": "foobar",
-"traefik.http.middlewares.middleware09.headers.sslredirect": "true",
-"traefik.http.middlewares.middleware09.headers.ssltemporaryredirect": "true",
-"traefik.http.middlewares.middleware09.headers.stsincludesubdomains": "true",
-"traefik.http.middlewares.middleware09.headers.stspreload": "true",
-"traefik.http.middlewares.middleware09.headers.stsseconds": "42",
-"traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware10.ipwhitelist.sourcerange": "foobar, foobar",
-"traefik.http.middlewares.middleware11.inflightreq.amount": "42",
-"traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requestheadername": "foobar",
-"traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requesthost": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.domaincomponent": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.locality": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.organization": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.province": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.serialnumber": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.notafter": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.notbefore": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.sans": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.commonname": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.country": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.domaincomponent": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.locality": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.organization": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.province": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.serialnumber": "true",
-"traefik.http.middlewares.middleware12.passtlsclientcert.pem": "true",
-"traefik.http.middlewares.middleware13.ratelimit.average": "42",
-"traefik.http.middlewares.middleware13.ratelimit.burst": "42",
-"traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requestheadername": "foobar",
-"traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requesthost": "true",
-"traefik.http.middlewares.middleware14.redirectregex.permanent": "true",
-"traefik.http.middlewares.middleware14.redirectregex.regex": "foobar",
-"traefik.http.middlewares.middleware14.redirectregex.replacement": "foobar",
-"traefik.http.middlewares.middleware15.redirectscheme.permanent": "true",
-"traefik.http.middlewares.middleware15.redirectscheme.port": "foobar",
-"traefik.http.middlewares.middleware15.redirectscheme.scheme": "foobar",
-"traefik.http.middlewares.middleware16.replacepath.path": "foobar",
-"traefik.http.middlewares.middleware17.replacepathregex.regex": "foobar",
-"traefik.http.middlewares.middleware17.replacepathregex.replacement": "foobar",
-"traefik.http.middlewares.middleware18.retry.attempts": "42",
-"traefik.http.middlewares.middleware19.stripprefix.forceslash": "true",
-"traefik.http.middlewares.middleware19.stripprefix.prefixes": "foobar, foobar",
-"traefik.http.middlewares.middleware20.stripprefixregex.regex": "foobar, foobar",
+"traefik.http.middlewares.middleware05.compress.excludedcontenttypes": "foobar, foobar",
+"traefik.http.middlewares.middleware06.contenttype.autodetect": "true",
+"traefik.http.middlewares.middleware07.digestauth.headerfield": "foobar",
+"traefik.http.middlewares.middleware07.digestauth.realm": "foobar",
+"traefik.http.middlewares.middleware07.digestauth.removeheader": "true",
+"traefik.http.middlewares.middleware07.digestauth.users": "foobar, foobar",
+"traefik.http.middlewares.middleware07.digestauth.usersfile": "foobar",
+"traefik.http.middlewares.middleware08.errors.query": "foobar",
+"traefik.http.middlewares.middleware08.errors.service": "foobar",
+"traefik.http.middlewares.middleware08.errors.status": "foobar, foobar",
+"traefik.http.middlewares.middleware09.forwardauth.address": "foobar",
+"traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
+"traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true",
+"traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar",
+"traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true",
+"traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar",
+"traefik.http.middlewares.middleware09.forwardauth.trustforwardheader": "true",
+"traefik.http.middlewares.middleware10.headers.accesscontrolallowcredentials": "true",
+"traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods": "foobar, foobar",
+"traefik.http.middlewares.middleware10.headers.accesscontrolalloworigin": "foobar",
+"traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware10.headers.accesscontrolmaxage": "42",
+"traefik.http.middlewares.middleware10.headers.addvaryheader": "true",
+"traefik.http.middlewares.middleware10.headers.allowedhosts": "foobar, foobar",
+"traefik.http.middlewares.middleware10.headers.browserxssfilter": "true",
+"traefik.http.middlewares.middleware10.headers.contentsecuritypolicy": "foobar",
+"traefik.http.middlewares.middleware10.headers.contenttypenosniff": "true",
+"traefik.http.middlewares.middleware10.headers.custombrowserxssvalue": "foobar",
+"traefik.http.middlewares.middleware10.headers.customframeoptionsvalue": "foobar",
+"traefik.http.middlewares.middleware10.headers.customrequestheaders.name0": "foobar",
+"traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar",
+"traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar",
+"traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar",
+"traefik.http.middlewares.middleware10.headers.featurepolicy": "foobar",
+"traefik.http.middlewares.middleware10.headers.forcestsheader": "true",
+"traefik.http.middlewares.middleware10.headers.framedeny": "true",
+"traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware10.headers.isdevelopment": "true",
+"traefik.http.middlewares.middleware10.headers.publickey": "foobar",
+"traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar",
+"traefik.http.middlewares.middleware10.headers.sslforcehost": "true",
+"traefik.http.middlewares.middleware10.headers.sslhost": "foobar",
+"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar",
+"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar",
+"traefik.http.middlewares.middleware10.headers.sslredirect": "true",
+"traefik.http.middlewares.middleware10.headers.ssltemporaryredirect": "true",
+"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
+"traefik.http.middlewares.middleware10.headers.stspreload": "true",
+"traefik.http.middlewares.middleware10.headers.stsseconds": "42",
+"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar",
+"traefik.http.middlewares.middleware12.inflightreq.amount": "42",
+"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requestheadername": "foobar",
+"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requesthost": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.commonname": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.country": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.domaincomponent": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.locality": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.organization": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.province": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.serialnumber": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.sans": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.locality": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organization": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber": "true",
+"traefik.http.middlewares.middleware13.passtlsclientcert.pem": "true",
+"traefik.http.middlewares.middleware14.ratelimit.average": "42",
+"traefik.http.middlewares.middleware14.ratelimit.burst": "42",
+"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requestheadername": "foobar",
+"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requesthost": "true",
+"traefik.http.middlewares.middleware15.redirectregex.permanent": "true",
+"traefik.http.middlewares.middleware15.redirectregex.regex": "foobar",
+"traefik.http.middlewares.middleware15.redirectregex.replacement": "foobar",
+"traefik.http.middlewares.middleware16.redirectscheme.permanent": "true",
+"traefik.http.middlewares.middleware16.redirectscheme.port": "foobar",
+"traefik.http.middlewares.middleware16.redirectscheme.scheme": "foobar",
+"traefik.http.middlewares.middleware17.replacepath.path": "foobar",
+"traefik.http.middlewares.middleware18.replacepathregex.regex": "foobar",
+"traefik.http.middlewares.middleware18.replacepathregex.replacement": "foobar",
+"traefik.http.middlewares.middleware19.retry.attempts": "42",
+"traefik.http.middlewares.middleware20.stripprefix.forceslash": "true",
+"traefik.http.middlewares.middleware20.stripprefix.prefixes": "foobar, foobar",
+"traefik.http.middlewares.middleware21.stripprefixregex.regex": "foobar, foobar",
 "traefik.http.routers.router0.entrypoints": "foobar, foobar",
 "traefik.http.routers.router0.middlewares": "foobar, foobar",
 "traefik.http.routers.router0.priority": "42",
--- a/docs/content/reference/static-configuration/file.toml
+++ b/docs/content/reference/static-configuration/file.toml
@@ -96,7 +96,7 @@
    namespaces = ["foobar", "foobar"]
    labelSelector = "foobar"
    ingressClass = "foobar"
-    throttleDuration = "10s"
+    throttleDuration = 42
  [providers.rest]
    insecure = true
  [providers.rancher]
@@ -110,25 +110,28 @@
    prefix = "foobar"
  [providers.consulCatalog]
    constraints = "foobar"
-    prefix = "traefik"
-    defaultRule = "foobar"
-    exposedByDefault = true
-    refreshInterval = 15
+    prefix = "foobar"
+    refreshInterval = 42
    requireConsistent = true
    stale = true
    cache = true
+    exposedByDefault = true
+    defaultRule = "foobar"
    [providers.consulCatalog.endpoint]
-     address = "foobar"
-     scheme = "foobar"
-     datacenter = "foobar"
-     token = "foobar"
-     endpointWaitTime = "15s"
-     [providers.consulCatalog.endpoint.tls]
-      ca = "foobar"
-      caOptional = true
-      cert = "foobar"
-      key = "foobar"
-      insecureSkipVerify = true
+      address = "foobar"
+      scheme = "foobar"
+      datacenter = "foobar"
+      token = "foobar"
+      endpointWaitTime = 42
+      [providers.consulCatalog.endpoint.tls]
+        ca = "foobar"
+        caOptional = true
+        cert = "foobar"
+        key = "foobar"
+        insecureSkipVerify = true
+      [providers.consulCatalog.endpoint.httpAuth]
+        username = "foobar"
+        password = "foobar"

 [api]
  insecure = true
@@ -144,19 +147,19 @@
    manualRouting = true
  [metrics.datadog]
    address = "foobar"
-    pushInterval = "10s"
+    pushInterval = "42s"
    addEntryPointsLabels = true
    addServicesLabels = true
  [metrics.statsD]
    address = "foobar"
-    pushInterval = "10s"
+    pushInterval = "42s"
    addEntryPointsLabels = true
    addServicesLabels = true
-    prefix = "traefik"
+    prefix = "foobar"
  [metrics.influxDB]
    address = "foobar"
    protocol = "foobar"
-    pushInterval = "10s"
+    pushInterval = "42s"
    database = "foobar"
    retentionPolicy = "foobar"
    username = "foobar"
--- a/docs/content/reference/static-configuration/file.yaml
+++ b/docs/content/reference/static-configuration/file.yaml
@@ -88,7 +88,7 @@ providers:
    - foobar
    labelSelector: foobar
    ingressClass: foobar
-    throttleDuration: 10s
+      throttleDuration: 42s
    ingressEndpoint:
      ip: foobar
      hostname: foobar
@@ -117,25 +117,28 @@ providers:
    prefix: foobar
  consulCatalog:
    constraints: foobar
-    prefix: traefik
-    defaultRule: foobar
-    exposedByDefault: true
-    refreshInterval: 15
+    prefix: foobar
+    refreshInterval: 42s
    requireConsistent: true
    stale: true
    cache: true
+    exposedByDefault: true
+    defaultRule: foobar
    endpoint:
      address: foobar
      scheme: foobar
      datacenter: foobar
      token: foobar
-      endpointWaitTime: 15s
+      endpointWaitTime: 42s
      tls:
        ca: foobar
        caOptional: true
        cert: foobar
        key: foobar
        insecureSkipVerify: true
+      httpAuth:
+        username: foobar
+        password: foobar
 api:
  insecure: true
  dashboard: true
@@ -159,7 +162,7 @@ metrics:
    pushInterval: 42
    addEntryPointsLabels: true
    addServicesLabels: true
-    prefix: traefik
+    prefix: foobar
  influxDB:
    address: foobar
    protocol: foobar
--- a/docs/content/routing/entrypoints.md
+++ b/docs/content/routing/entrypoints.md
@@ -41,7 +41,7 @@ They define the port which will receive the requests (whether HTTP or TCP).
      [entryPoints.web]
        address = ":80"
    
-      [entryPoints.web-secure]
+      [entryPoints.websecure]
        address = ":443"
    ```
    
@@ -51,18 +51,18 @@ They define the port which will receive the requests (whether HTTP or TCP).
      web:
        address: ":80"
     
-      web-secure:
+      websecure:
        address: ":443"
    ```
    
    ```bash tab="CLI"
    ## Static configuration
    --entryPoints.web.address=:80
-    --entryPoints.web-secure.address=:443
+    --entryPoints.websecure.address=:443
    ```

-    - Two entrypoints are defined: one called `web`, and the other called `web-secure`.
-    - `web` listens on port `80`, and `web-secure` on port `443`. 
+    - Two entrypoints are defined: one called `web`, and the other called `websecure`.
+    - `web` listens on port `80`, and `websecure` on port `443`. 

 ## Configuration

--- a/docs/content/routing/providers/docker.md
+++ b/docs/content/routing/providers/docker.md
@@ -178,7 +178,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers

 ??? info "`traefik.http.routers.<router_name>.service`"

-    See [rule](../routers/index.md#service) for more information.
+    See [service](../routers/index.md#service) for more information.

    ```yaml
    - "traefik.http.routers.myrouter.service=myservice"
--- a/docs/content/routing/providers/kubernetes-crd.md
+++ b/docs/content/routing/providers/kubernetes-crd.md
--- a/docs/content/user-guides/crd-acme/03-deployments.yml
+++ b/docs/content/user-guides/crd-acme/03-deployments.yml
@@ -26,19 +26,19 @@ spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
-          image: traefik:v2.0
+          image: traefik:v2.1
          args:
            - --api.insecure
            - --accesslog
            - --entrypoints.web.Address=:8000
            - --entrypoints.websecure.Address=:4443
            - --providers.kubernetescrd
-            - --certificatesresolvers.default.acme.tlschallenge
-            - --certificatesresolvers.default.acme.email=foo@you.com
-            - --certificatesresolvers.default.acme.storage=acme.json
+            - --certificatesresolvers.myresolver.acme.tlschallenge
+            - --certificatesresolvers.myresolver.acme.email=foo@you.com
+            - --certificatesresolvers.myresolver.acme.storage=acme.json
            # Please note that this is the staging Let's Encrypt server.
            # Once you get things working, you should remove that whole line altogether.
-            - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+            - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
          ports:
            - name: web
              containerPort: 8000
--- a/docs/content/user-guides/crd-acme/04-ingressroutes.yml
+++ b/docs/content/user-guides/crd-acme/04-ingressroutes.yml
@@ -29,4 +29,4 @@ spec:
    - name: whoami
      port: 80
  tls:
-    certResolver: default
+    certResolver: myresolver
--- a/docs/content/user-guides/crd-acme/k3s.yml
+++ b/docs/content/user-guides/crd-acme/k3s.yml
@@ -26,5 +26,5 @@ node:
    - K3S_CLUSTER_SECRET=somethingtotallyrandom
  volumes:
    # this is where you would place a alternative traefik image (saved as a .tar file with
-    # 'docker save'), if you want to use it, instead of the traefik:v2.0 image.
+    # 'docker save'), if you want to use it, instead of the traefik:v2.1 image.
    - /sowewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images
--- a/docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
+++ b/docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
@@ -3,7 +3,7 @@ version: "3.3"
 services:

  traefik:
-    image: "traefik:v2.0.0-rc3"
+    image: "traefik:v2.1"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
@@ -12,11 +12,11 @@ services:
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
-      - "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true"
-      - "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh"
-      #- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-      - "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com"
-      - "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
+      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
@@ -37,4 +37,4 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
-      - "traefik.http.routers.whoami.tls.certresolver=mydnschallenge"
+      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
--- a/docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
+++ b/docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
@@ -13,7 +13,7 @@ secrets:
 services:

  traefik:
-    image: "traefik:v2.0.0-rc3"
+    image: "traefik:v2.1"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
@@ -22,11 +22,11 @@ services:
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
-      - "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true"
-      - "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh"
-      #- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-      - "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com"
-      - "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
+      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
@@ -52,4 +52,4 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
-      - "traefik.http.routers.whoami.tls.certresolver=mydnschallenge"
+      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
--- a/docs/content/user-guides/docker-compose/acme-dns/index.md
+++ b/docs/content/user-guides/docker-compose/acme-dns/index.md
@@ -7,7 +7,7 @@ Please also read the [basic example](../basic-example) for details on how to exp

 For the DNS challenge, you'll need:

- A working [provider](https://docs.traefik.io/v2.0/https/acme/#providers) along with the credentials allowing to create and remove DNS records.  
+- A working [provider](../../../https/acme.md#providers) along with the credentials allowing to create and remove DNS records.  

 !!! info "Variables may vary depending on the Provider."
 	 Please note this guide may vary depending on the provider you use.
@@ -32,13 +32,13 @@ For the DNS challenge, you'll need:
      - "OVH_CONSUMER_KEY=[YOUR_OWN_VALUE]"
    ```

- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.mydnschallenge.acme.email` command line argument of the `traefik` service.
+- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
 - Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
 - Optionally uncomment the following lines if you want to test/debug: 

 	```yaml
 	#- "--log.level=DEBUG"
-	#- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+	#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
 	```

 - Run `docker-compose up -d` within the folder where you created the previous file.
@@ -68,12 +68,12 @@ ports:

 ```yaml
 command:
-  # Enable a dns challenge named "mydnschallenge"
-  - "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true"
+  # Enable a dns challenge named "myresolver"
+  - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
  # Tell which provider to use
-  - "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh"
+  - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
  # The email to provide to let's encrypt
-  - "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com"
+  - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
 ```

 - We provide the required configuration to our provider via environment variables: 
@@ -101,14 +101,14 @@ volumes:

 command:
  # Tell to store the certificate on a path under our volume
-  - "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
+  - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
 ```

- We configure the `whoami` service to tell Traefik to use the certificate resolver named `mydnschallenge` we just configured:
+- We configure the `whoami` service to tell Traefik to use the certificate resolver named `myresolver` we just configured:

 ```yaml
 labels:
-	- "traefik.http.routers.whoami.tls.certresolver=mydnschallenge" # Uses the Host rule to define which certificate to issue
+	- "traefik.http.routers.whoami.tls.certresolver=myresolver" # Uses the Host rule to define which certificate to issue
 ```

 ## Use Secrets
--- a/docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
+++ b/docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
@@ -3,7 +3,7 @@ version: "3.3"
 services:

  traefik:
-    image: "traefik:v2.0.0-rc3"
+    image: "traefik:v2.1"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
@@ -12,11 +12,11 @@ services:
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
-      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
-      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
-      #- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-      - "--certificatesresolvers.myhttpchallenge.acme.email=postmaster@mydomain.com"
-      - "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
@@ -32,4 +32,4 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
-      - "traefik.http.routers.whoami.tls.certresolver=myhttpchallenge"
+      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
--- a/docs/content/user-guides/docker-compose/acme-http/index.md
+++ b/docs/content/user-guides/docker-compose/acme-http/index.md
@@ -18,13 +18,13 @@ For the HTTP challenge you will need:
 --8<-- "content/user-guides/docker-compose/acme-http/docker-compose.yml"
 ```

- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myhttpchallenge.acme.email` command line argument of the `traefik` service.
+- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
 - Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
 - Optionally uncomment the following lines if you want to test/debug:

 	```yaml
 	#- "--log.level=DEBUG"
-	#- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+	#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
 	```

 - Run `docker-compose up -d` within the folder where you created the previous file.
@@ -54,12 +54,12 @@ ports:

 ```yaml
 command:
-  # Enable a http challenge named "myhttpchallenge"
-  - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
+  # Enable a http challenge named "myresolver"
+  - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
  # Tell it to use our predefined entrypoint named "web"
-  - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
+  - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
  # The email to provide to let's encrypt
-  - "--certificatesresolvers.myhttpchallenge.acme.email=postmaster@mydomain.com"
+  - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
 ```

 - We add a volume to store our certificates:
@@ -71,13 +71,13 @@ volumes:

 command:
  # Tell to store the certificate on a path under our volume
-  - "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
+  - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
 ```

- We configure the `whoami` service to tell Traefik to use the certificate resolver named `myhttpchallenge` we just configured:
+- We configure the `whoami` service to tell Traefik to use the certificate resolver named `myresolver` we just configured:

 ```yaml
 labels:
  # Uses the Host rule to define which certificate to issue
-  - "traefik.http.routers.whoami.tls.certresolver=myhttpchallenge"
+  - "traefik.http.routers.whoami.tls.certresolver=myresolver"
 ```
--- a/docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
+++ b/docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
@@ -3,7 +3,7 @@ version: "3.3"
 services:

  traefik:
-    image: "traefik:v2.0.0-rc3"
+    image: "traefik:v2.1"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
@@ -11,10 +11,10 @@ services:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
-      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
-      #- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-      - "--certificatesresolvers.mytlschallenge.acme.email=postmaster@mydomain.com"
-      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "8080:8080"
@@ -29,4 +29,4 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
-      - "traefik.http.routers.whoami.tls.certresolver=mytlschallenge"
+      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
--- a/docs/content/user-guides/docker-compose/acme-tls/index.md
+++ b/docs/content/user-guides/docker-compose/acme-tls/index.md
@@ -18,13 +18,13 @@ For the TLS challenge you will need:
 --8<-- "content/user-guides/docker-compose/acme-tls/docker-compose.yml"
 ```

- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.mytlschallenge.acme.email` command line argument of the `traefik` service.
+- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
 - Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
 - Optionally uncomment the following lines if you want to test/debug:

 	```yaml
 	#- "--log.level=DEBUG"
-	#- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+	#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
 	```

 - Run `docker-compose up -d` within the folder where you created the previous file.
@@ -54,8 +54,8 @@ ports:

 ```yaml
 command:
-  # Enable a tls challenge named "mytlschallenge"
-  - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
+  # Enable a tls challenge named "myresolver"
+  - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
 ```

 - We add a volume to store our certificates:
@@ -67,13 +67,13 @@ volumes:

 command:
  # Tell to store the certificate on a path under our volume
-  - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
+  - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
 ```

- We configure the `whoami` service to tell Traefik to use the certificate resolver named `mytlschallenge` we just configured:
+- We configure the `whoami` service to tell Traefik to use the certificate resolver named `myresolver` we just configured:

 ```yaml
 labels:
  # Uses the Host rule to define which certificate to issue
-  - "traefik.http.routers.whoami.tls.certresolver=mytlschallenge"
+  - "traefik.http.routers.whoami.tls.certresolver=myresolver"
 ```
--- a/docs/content/user-guides/docker-compose/basic-example/docker-compose.yml
+++ b/docs/content/user-guides/docker-compose/basic-example/docker-compose.yml
@@ -3,7 +3,7 @@ version: "3.3"
 services:

  traefik:
-    image: "traefik:v2.0.0-rc3"
+    image: "traefik:v2.1"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
--- a/docs/content/user-guides/docker-compose/basic-example/index.md
+++ b/docs/content/user-guides/docker-compose/basic-example/index.md
@@ -1,7 +1,7 @@
 # Docker-compose basic example

 In this section we quickly go over a basic docker-compose file exposing a simple service using the docker provider.  
-This will also be used as a starting point for the the other docker-compose guides.  
+This will also be used as a starting point for the other docker-compose guides.  

 ## Setup

--- a/docs/content/user-guides/marathon.md
+++ b/docs/content/user-guides/marathon.md
@@ -77,7 +77,7 @@ A failing application always happens unexpectedly, and hence, it is very difficu

 Failure reasons vary broadly and could stretch from unacceptable slowness, a task crash, or a network split.

-There are two mitigaton efforts:
+There are two mitigation efforts:

 1. Configure [Marathon health checks](https://mesosphere.github.io/marathon/docs/health-checks.html) on each application.
 2. Configure Traefik health checks (possibly via the `traefik.http.services.yourServiceName.loadbalancer.healthcheck.*` labels) and make sure they probe with proper frequency.
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -107,6 +107,7 @@ nav:
      - 'Chain': 'middlewares/chain.md'
      - 'CircuitBreaker': 'middlewares/circuitbreaker.md'
      - 'Compress': 'middlewares/compress.md'
+      - 'ContentType': 'middlewares/contenttype.md'
      - 'DigestAuth': 'middlewares/digestauth.md'
      - 'Errors': 'middlewares/errorpages.md'
      - 'ForwardAuth': 'middlewares/forwardauth.md'
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000
 	github.com/abronan/valkeyrie v0.0.0-20190822142731-f2e1850dc905
 	github.com/c0va23/go-proxyprotocol v0.9.1
-	github.com/cenkalti/backoff/v3 v3.0.0
+	github.com/cenkalti/backoff/v4 v4.0.0
 	github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect
 	github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd
 	github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f
@@ -39,7 +39,7 @@ require (
 	github.com/felixge/httpsnoop v1.0.0 // indirect
 	github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
 	github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2
-	github.com/go-acme/lego/v3 v3.2.0
+	github.com/go-acme/lego/v3 v3.4.0
 	github.com/go-check/check v0.0.0-00010101000000-000000000000
 	github.com/go-kit/kit v0.9.0
 	github.com/golang/protobuf v1.3.2
@@ -80,17 +80,16 @@ require (
 	github.com/stvp/go-udp-testing v0.0.0-20171104055251-c4434f09ec13
 	github.com/tinylib/msgp v1.0.2 // indirect
 	github.com/transip/gotransip v5.8.2+incompatible // indirect
-	github.com/uber/jaeger-client-go v2.19.0+incompatible
+	github.com/uber/jaeger-client-go v2.21.1+incompatible
 	github.com/uber/jaeger-lib v2.2.0+incompatible
 	github.com/unrolled/render v1.0.1
 	github.com/unrolled/secure v1.0.5
 	github.com/vdemeester/shakers v0.1.0
 	github.com/vulcand/oxy v1.0.0
 	github.com/vulcand/predicate v1.1.0
-	golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3
+	golang.org/x/net v0.0.0-20191027093000-83d349e8ac1a
 	golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a // indirect
 	golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0
-	golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 // indirect
 	google.golang.org/grpc v1.22.1
 	gopkg.in/DataDog/dd-trace-go.v1 v1.16.1
 	gopkg.in/fsnotify.v1 v1.4.7
--- a/go.sum
+++ b/go.sum
@@ -2,8 +2,19 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0 h1:0E3eE8MX426vUOs7aHfI7aN1BrIzzzf4ccKCSfSjGmc=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 contrib.go.opencensus.io/exporter/ocagent v0.4.12 h1:jGFvw3l57ViIVEPKKEUXPcLYIXJmQxLUh6ey1eJhwyc=
 contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/Azure/azure-sdk-for-go v32.4.0+incompatible h1:1JP8SKfroEakYiQU2ZyPDosh8w2Tg9UopKt88VyQPt4=
 github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
@@ -89,8 +100,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/c0va23/go-proxyprotocol v0.9.1 h1:5BCkp0fDJOhzzH1lhjUgHhmZz9VvRMMif1U2D31hb34=
 github.com/c0va23/go-proxyprotocol v0.9.1/go.mod h1:TNjUV+llvk8TvWJxlPYAeAYZgSzT/iicNr3nWBWX320=
-github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
-github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
+github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU=
+github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg=
 github.com/census-instrumentation/opencensus-proto v0.2.0 h1:LzQXZOgg4CQfE6bFvXGM30YZL1WW/M337pXml+GrcZ4=
 github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
@@ -130,8 +141,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/decker502/dnspod-go v0.2.0 h1:6dwhUFCYbC5bgpebLKn7PrI43e/5mn9tpUL9YcYCdTU=
-github.com/decker502/dnspod-go v0.2.0/go.mod h1:qsurYu1FgxcDwfSwXJdLt4kRsBLZeosEb9uq4Sy+08g=
 github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
@@ -193,11 +202,12 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2 h1:df6OFl8WNXk82xxP3R9ZPZ5seOA8XZkwLdbEzZF1/xI=
 github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2/go.mod h1:GLyXJD41gBO/NPKVPGQbhyyC06eugGy15QEZyUkE2/s=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-acme/lego/v3 v3.2.0 h1:z0zvNlL1niv/1qA06V5X1BRC5PeLoGKAlVaWthXQz9c=
-github.com/go-acme/lego/v3 v3.2.0/go.mod h1:074uqt+JS6plx+c9Xaiz6+L+GBb+7itGtzfcDM2AhEE=
+github.com/go-acme/lego/v3 v3.4.0 h1:deB9NkelA+TfjGHVw8J7iKl/rMtffcGMWSMmptvMv0A=
+github.com/go-acme/lego/v3 v3.4.0/go.mod h1:xYbLDuxq3Hy4bMUT1t9JIuz6GWIWb3m5X+TeTHYaT7M=
 github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.44.0 h1:8+SRbfpRFlIunpSum4BEf1ClTtVjOgKzgBv9pHFkI6w=
 github.com/go-ini/ini v1.44.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
@@ -225,6 +235,8 @@ github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4er
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1 h1:qGJ6qTW+x6xX/my+8YUVl4WNpX9B7+/l2tRsHGZ7f2s=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -250,6 +262,8 @@ github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -429,6 +443,8 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
 github.com/nrdcg/auroradns v1.0.0 h1:b+NpSqNG6HzMqX2ohGQe4Q/G0WQq8pduWCiZ19vdLY8=
 github.com/nrdcg/auroradns v1.0.0/go.mod h1:6JPXKzIRzZzMqtTDgueIhTi6rFf1QvYE/HzqidhOhjw=
+github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U=
+github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ=
 github.com/nrdcg/goinwx v0.6.1 h1:AJnjoWPELyCtofhGcmzzcEMFd9YdF2JB/LgutWsWt/s=
 github.com/nrdcg/goinwx v0.6.1/go.mod h1:XPiut7enlbEdntAqalBIqcYcTEVhpv/dKWgDCX2SwKQ=
 github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg=
@@ -511,6 +527,7 @@ github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a h1:9ZKAASQSHhD
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sacloud/libsacloud v1.26.1 h1:td3Kd7lvpSAxxHEVpnaZ9goHmmhi0D/RfP0Rqqf/kek=
@@ -554,8 +571,8 @@ github.com/transip/gotransip v5.8.2+incompatible/go.mod h1:uacMoJVmrfOcscM4Bi5NV
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/uber-go/atomic v1.3.2 h1:Azu9lPBWRNKzYXSIwRfgRuDuS0YKsK4NFhiQv98gkxo=
 github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g=
-github.com/uber/jaeger-client-go v2.19.0+incompatible h1:pbwbYfHUoaase0oPQOdZ1GcaUjImYGimUXSQ/+8+Z8Q=
-github.com/uber/jaeger-client-go v2.19.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
+github.com/uber/jaeger-client-go v2.21.1+incompatible h1:oozboeZmWz+tyh3VZttJWlF3K73mHgbokieceqKccLo=
+github.com/uber/jaeger-client-go v2.21.1+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
 github.com/uber/jaeger-lib v2.2.0+incompatible h1:MxZXOiR2JuoANZ3J6DE/U0kSFv/eJ/GfSYVCjK7dyaw=
 github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/unrolled/render v1.0.1 h1:VDDnQQVfBMsOsp3VaCJszSO0nkBIVEYoPWeRThk9spY=
@@ -586,6 +603,8 @@ go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU=
@@ -602,19 +621,35 @@ golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495 h1:I6A9Ag9FpEKOjcKrRNjQkPHawoXIhKyTGfvvjFAiiAk=
 golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587 h1:5Uz0rkjCFu9BC9gCRN7EkwVvhNyQgGWb8KNJrPwBoHY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -629,12 +664,17 @@ golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 h1:Ao/3l156eZf2AW5wK8a7/smtodRU+gha3+BeqJ69lRk=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3 h1:6KET3Sqa7fkVfD63QnAM81ZeYg5n4HwApOJkufONnHA=
 golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191027093000-83d349e8ac1a h1:Yu34BogBivvmu7SAzHHaB9nZWH5D1C+z3F1jyIaYZSQ=
+golang.org/x/net v0.0.0-20191027093000-83d349e8ac1a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -646,6 +686,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180622082034-63fc586f45fe/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -661,8 +703,12 @@ golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qdNLDHHtQ4mlgQIZPPNA=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a h1:aYOabOQFp6Vj6W1F80affTUvO9UxmJRx8K0gsfABByQ=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -686,12 +732,24 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c h1:97SnQk1GYRXJgvwZ8fadnxDOWfKvkNQHH3CtZntPSrM=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135 h1:5Beo0mZN8dRzgrMMkDp0jc8YXQKx9DiJ2k1dkvGsn5A=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361 h1:RIIXAeV6GvDBuADKumTODatUqANFZ+5BPMnzsy4hulY=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485 h1:OB/uP/Puiu5vS5QMRPrXCDWUPb+kt8f1KW8oQzFejQw=
 gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
 gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
@@ -699,23 +757,36 @@ gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e h1:jRyg0XfpwWlhEV8mDfdNGB
 gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
 google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0 h1:VGGbLNyPF7dvYHhcUGYBBGCRDDK0RRJAI6KCvo0CL+E=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.14.0 h1:uMf5uLi4eQMRrMKhCplNik4U4H8Z6C1br3zOtAa/aDE=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1 h1:QzqyMA1tlu6CgqCDUtU9V+ZKhLFT2dkJuANu5QaxI3I=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 h1:nfPFGzJkUDX6uBmpN/pSw7MbOAWegH5QDQuoXFHedLg=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1 h1:aQktFqmDE2yjveXJlVIfslDFmFnUXSqG0i6KRcJAeMc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
 google.golang.org/grpc v1.20.1 h1:Hz2g2wirWK7H0qIIhGIqRGTuMwTE8HEKFnDZZ7lm9NU=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.22.1 h1:/7cs52RnTJmD43s3uxzlq2U7nqVTd/37viQwMrMNlOM=
 google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 gopkg.in/DataDog/dd-trace-go.v1 v1.16.1 h1:Dngw1zun6yTYFHNdzEWBlrJzFA2QJMjSA2sZ4nH2UWo=
@@ -724,6 +795,7 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/h2non/gock.v1 v1.0.15 h1:SzLqcIlb/fDfg7UvukMpNcWsu7sI5tWwL+KCATZqks0=
@@ -764,6 +836,7 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 k8s.io/api v0.0.0-20190718183219-b59d8169aab5 h1:X3LHYU4fwu75lvvWypbppCKuhqg1KrvcZ1lLaAgmE/g=
 k8s.io/api v0.0.0-20190718183219-b59d8169aab5/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A=
 k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719 h1:uV4S5IB5g4Nvi+TBVNf3e9L4wrirlwYJ6w88jUQxTUw=
@@ -787,5 +860,6 @@ modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs
 modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
 mvdan.cc/xurls/v2 v2.0.0 h1:r1zSOSNS/kqtpmATyMMMvaZ4/djsesbYz5kr0+qMRWc=
 mvdan.cc/xurls/v2 v2.0.0/go.mod h1:2/webFPYOXN9jp/lzuj0zuAVlF+9g4KPFJANH1oJhRU=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
--- a/integration/consul_catalog_test.go
+++ b/integration/consul_catalog_test.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"strconv"
 	"time"

 	"github.com/containous/traefik/v2/integration/try"
@@ -62,23 +61,13 @@ func (s *ConsulCatalogSuite) TearDownSuite(c *check.C) {
 	}
 }

-func (s *ConsulCatalogSuite) registerService(id, name, address, port string, tags []string, onAgent bool) error {
-	iPort, err := strconv.Atoi(port)
-	if err != nil {
-		return err
-	}
+func (s *ConsulCatalogSuite) registerService(reg *api.AgentServiceRegistration, onAgent bool) error {
 	client := s.consulClient
 	if onAgent {
 		client = s.consulAgentClient
 	}

-	return client.Agent().ServiceRegister(&api.AgentServiceRegistration{
-		ID:      id,
-		Name:    name,
-		Address: address,
-		Port:    iPort,
-		Tags:    tags,
-	})
+	return client.Agent().ServiceRegister(reg)
 }

 func (s *ConsulCatalogSuite) deregisterService(id string, onAgent bool) error {
@@ -90,11 +79,34 @@ func (s *ConsulCatalogSuite) deregisterService(id string, onAgent bool) error {
 }

 func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings(c *check.C) {
-	err := s.registerService("whoami1", "whoami", s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress, "80", []string{"traefik.enable=true"}, false)
+	reg1 := &api.AgentServiceRegistration{
+		ID:      "whoami1",
+		Name:    "whoami",
+		Tags:    []string{"traefik.enable=true"},
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
+	}
+	err := s.registerService(reg1, false)
 	c.Assert(err, checker.IsNil)
-	err = s.registerService("whoami2", "whoami", s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress, "80", []string{"traefik.enable=true"}, false)
+
+	reg2 := &api.AgentServiceRegistration{
+		ID:      "whoami2",
+		Name:    "whoami",
+		Tags:    []string{"traefik.enable=true"},
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress,
+	}
+	err = s.registerService(reg2, false)
 	c.Assert(err, checker.IsNil)
-	err = s.registerService("whoami3", "whoami", s.composeProject.Container(c, "whoami3").NetworkSettings.IPAddress, "80", []string{"traefik.enable=true"}, false)
+
+	reg3 := &api.AgentServiceRegistration{
+		ID:      "whoami3",
+		Name:    "whoami",
+		Tags:    []string{"traefik.enable=true"},
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami3").NetworkSettings.IPAddress,
+	}
+	err = s.registerService(reg3, false)
 	c.Assert(err, checker.IsNil)

 	tempObjects := struct {
@@ -116,7 +128,18 @@ func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings(c *c
 	c.Assert(err, checker.IsNil)
 	req.Host = "whoami"

-	err = try.Request(req, 2*time.Second, try.StatusCodeIs(200), try.BodyContainsOr("Hostname: whoami1", "Hostname: whoami2", "Hostname: whoami3"))
+	err = try.Request(req, 2*time.Second,
+		try.StatusCodeIs(200),
+		try.BodyContainsOr("Hostname: whoami1", "Hostname: whoami2", "Hostname: whoami3"))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2*time.Second,
+		try.StatusCodeIs(200),
+		try.BodyContains(
+			fmt.Sprintf(`"http://%s:80":"UP"`, reg1.Address),
+			fmt.Sprintf(`"http://%s:80":"UP"`, reg2.Address),
+			fmt.Sprintf(`"http://%s:80":"UP"`, reg3.Address),
+		))
 	c.Assert(err, checker.IsNil)

 	err = s.deregisterService("whoami1", false)
@@ -128,14 +151,21 @@ func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings(c *c
 }

 func (s *ConsulCatalogSuite) TestByLabels(c *check.C) {
-	labels := []string{
-		"traefik.enable=true",
-		"traefik.http.routers.router1.rule=Path(`/whoami`)",
-		"traefik.http.routers.router1.service=service1",
-		"traefik.http.services.service1.loadBalancer.server.url=http://" + s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
-	}
+	containerIP := s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress

-	err := s.registerService("whoami1", "whoami", s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress, "80", labels, false)
+	reg := &api.AgentServiceRegistration{
+		ID:   "whoami1",
+		Name: "whoami",
+		Tags: []string{
+			"traefik.enable=true",
+			"traefik.http.routers.router1.rule=Path(`/whoami`)",
+			"traefik.http.routers.router1.service=service1",
+			"traefik.http.services.service1.loadBalancer.server.url=http://" + containerIP,
+		},
+		Port:    80,
+		Address: containerIP,
+	}
+	err := s.registerService(reg, false)
 	c.Assert(err, checker.IsNil)

 	tempObjects := struct {
@@ -172,7 +202,14 @@ func (s *ConsulCatalogSuite) TestSimpleConfiguration(c *check.C) {
 	file := s.adaptFile(c, "fixtures/consul_catalog/simple.toml", tempObjects)
 	defer os.Remove(file)

-	err := s.registerService("whoami1", "whoami", s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress, "80", []string{"traefik.enable=true"}, false)
+	reg := &api.AgentServiceRegistration{
+		ID:      "whoami1",
+		Name:    "whoami",
+		Tags:    []string{"traefik.enable=true"},
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
+	}
+	err := s.registerService(reg, false)
 	c.Assert(err, checker.IsNil)

 	cmd, display := s.traefikCmd(withConfigFile(file))
@@ -204,7 +241,14 @@ func (s *ConsulCatalogSuite) TestRegisterServiceWithoutIP(c *check.C) {
 	file := s.adaptFile(c, "fixtures/consul_catalog/simple.toml", tempObjects)
 	defer os.Remove(file)

-	err := s.registerService("whoami1", "whoami", "", "80", []string{"traefik.enable=true"}, false)
+	reg := &api.AgentServiceRegistration{
+		ID:      "whoami1",
+		Name:    "whoami",
+		Tags:    []string{"traefik.enable=true"},
+		Port:    80,
+		Address: "",
+	}
+	err := s.registerService(reg, false)
 	c.Assert(err, checker.IsNil)

 	cmd, display := s.traefikCmd(withConfigFile(file))
@@ -236,7 +280,13 @@ func (s *ConsulCatalogSuite) TestDefaultConsulService(c *check.C) {
 	file := s.adaptFile(c, "fixtures/consul_catalog/simple.toml", tempObjects)
 	defer os.Remove(file)

-	err := s.registerService("whoami1", "whoami", s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress, "80", nil, false)
+	reg := &api.AgentServiceRegistration{
+		ID:      "whoami1",
+		Name:    "whoami",
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
+	}
+	err := s.registerService(reg, false)
 	c.Assert(err, checker.IsNil)

 	// Start traefik
@@ -269,14 +319,20 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithTCPLabels(c *check.C) {
 	file := s.adaptFile(c, "fixtures/consul_catalog/simple.toml", tempObjects)
 	defer os.Remove(file)

-	// Start a container with some labels
-	labels := []string{
-		"traefik.tcp.Routers.Super.Rule=HostSNI(`my.super.host`)",
-		"traefik.tcp.Routers.Super.tls=true",
-		"traefik.tcp.Services.Super.Loadbalancer.server.port=8080",
+	// Start a container with some tags
+	reg := &api.AgentServiceRegistration{
+		ID:   "whoamitcp",
+		Name: "whoamitcp",
+		Tags: []string{
+			"traefik.tcp.Routers.Super.Rule=HostSNI(`my.super.host`)",
+			"traefik.tcp.Routers.Super.tls=true",
+			"traefik.tcp.Services.Super.Loadbalancer.server.port=8080",
+		},
+		Port:    8080,
+		Address: s.composeProject.Container(c, "whoamitcp").NetworkSettings.IPAddress,
 	}

-	err := s.registerService("whoamitcp", "whoamitcp", s.composeProject.Container(c, "whoamitcp").NetworkSettings.IPAddress, "8080", labels, false)
+	err := s.registerService(reg, false)
 	c.Assert(err, checker.IsNil)

 	// Start traefik
@@ -310,18 +366,31 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithLabels(c *check.C) {
 	file := s.adaptFile(c, "fixtures/consul_catalog/simple.toml", tempObjects)
 	defer os.Remove(file)

-	// Start a container with some labels
-	labels := []string{
-		"traefik.http.Routers.Super.Rule=Host(`my.super.host`)",
+	// Start a container with some tags
+	reg1 := &api.AgentServiceRegistration{
+		ID:   "whoami1",
+		Name: "whoami",
+		Tags: []string{
+			"traefik.http.Routers.Super.Rule=Host(`my.super.host`)",
+		},
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
 	}
-	err := s.registerService("whoami1", "whoami", s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress, "80", labels, false)
+
+	err := s.registerService(reg1, false)
 	c.Assert(err, checker.IsNil)

 	// Start another container by replacing a '.' by a '-'
-	labels = []string{
-		"traefik.http.Routers.SuperHost.Rule=Host(`my-super.host`)",
+	reg2 := &api.AgentServiceRegistration{
+		ID:   "whoami2",
+		Name: "whoami",
+		Tags: []string{
+			"traefik.http.Routers.SuperHost.Rule=Host(`my-super.host`)",
+		},
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress,
 	}
-	err = s.registerService("whoami2", "whoami", s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress, "80", labels, false)
+	err = s.registerService(reg2, false)
 	c.Assert(err, checker.IsNil)

 	// Start traefik
@@ -364,16 +433,31 @@ func (s *ConsulCatalogSuite) TestSameServiceIDOnDifferentConsulAgent(c *check.C)
 	file := s.adaptFile(c, "fixtures/consul_catalog/default_not_exposed.toml", tempObjects)
 	defer os.Remove(file)

-	// Start a container with some labels
-	labels := []string{
+	// Start a container with some tags
+	tags := []string{
 		"traefik.enable=true",
 		"traefik.http.Routers.Super.service=whoami",
 		"traefik.http.Routers.Super.Rule=Host(`my.super.host`)",
 	}
-	err := s.registerService("whoami", "whoami", s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress, "80", labels, false)
+
+	reg1 := &api.AgentServiceRegistration{
+		ID:      "whoami",
+		Name:    "whoami",
+		Tags:    tags,
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
+	}
+	err := s.registerService(reg1, false)
 	c.Assert(err, checker.IsNil)

-	err = s.registerService("whoami", "whoami", s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress, "80", labels, true)
+	reg2 := &api.AgentServiceRegistration{
+		ID:      "whoami",
+		Name:    "whoami",
+		Tags:    tags,
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress,
+	}
+	err = s.registerService(reg2, true)
 	c.Assert(err, checker.IsNil)

 	// Start traefik
@@ -417,11 +501,18 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithOneMissingLabels(c *check.C) {
 	file := s.adaptFile(c, "fixtures/consul_catalog/simple.toml", tempObjects)
 	defer os.Remove(file)

-	// Start a container with some labels
-	labels := []string{
-		"traefik.random.value=my.super.host",
+	// Start a container with some tags
+	reg := &api.AgentServiceRegistration{
+		ID:   "whoami1",
+		Name: "whoami",
+		Tags: []string{
+			"traefik.random.value=my.super.host",
+		},
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
 	}
-	err := s.registerService("whoami1", "whoami", s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress, "80", labels, false)
+
+	err := s.registerService(reg, false)
 	c.Assert(err, checker.IsNil)

 	// Start traefik
@@ -441,3 +532,82 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithOneMissingLabels(c *check.C) {
 	err = try.Request(req, 1500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
 	c.Assert(err, checker.IsNil)
 }
+
+func (s *ConsulCatalogSuite) TestConsulServiceWithHealthCheck(c *check.C) {
+	tags := []string{
+		"traefik.enable=true",
+		"traefik.http.routers.router1.rule=Path(`/whoami`)",
+		"traefik.http.routers.router1.service=service1",
+		"traefik.http.services.service1.loadBalancer.server.url=http://" + s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
+	}
+
+	reg1 := &api.AgentServiceRegistration{
+		ID:      "whoami1",
+		Name:    "whoami",
+		Tags:    tags,
+		Port:    80,
+		Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress,
+		Check: &api.AgentServiceCheck{
+			CheckID:  "some-failed-check",
+			TCP:      "127.0.0.1:1234",
+			Name:     "some-failed-check",
+			Interval: "1s",
+			Timeout:  "1s",
+		},
+	}
+
+	err := s.registerService(reg1, false)
+	c.Assert(err, checker.IsNil)
+
+	tempObjects := struct {
+		ConsulAddress string
+	}{
+		ConsulAddress: s.consulAddress,
+	}
+
+	file := s.adaptFile(c, "fixtures/consul_catalog/simple.toml", tempObjects)
+	defer os.Remove(file)
+
+	cmd, display := s.traefikCmd(withConfigFile(file))
+	defer display(c)
+	err = cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	err = try.GetRequest("http://127.0.0.1:8000/whoami", 2*time.Second, try.StatusCodeIs(http.StatusNotFound))
+	c.Assert(err, checker.IsNil)
+
+	err = s.deregisterService("whoami1", false)
+	c.Assert(err, checker.IsNil)
+
+	containerIP := s.composeProject.Container(c, "whoami2").NetworkSettings.IPAddress
+
+	reg2 := &api.AgentServiceRegistration{
+		ID:      "whoami2",
+		Name:    "whoami",
+		Tags:    tags,
+		Port:    80,
+		Address: containerIP,
+		Check: &api.AgentServiceCheck{
+			CheckID:  "some-ok-check",
+			TCP:      containerIP + ":80",
+			Name:     "some-ok-check",
+			Interval: "1s",
+			Timeout:  "1s",
+		},
+	}
+
+	err = s.registerService(reg2, false)
+	c.Assert(err, checker.IsNil)
+
+	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/whoami", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "whoami"
+
+	// FIXME Need to wait for up to 10 seconds (for consul discovery or traefik to boot up ?)
+	err = try.Request(req, 10*time.Second, try.StatusCodeIs(200), try.BodyContainsOr("Hostname: whoami2"))
+	c.Assert(err, checker.IsNil)
+
+	err = s.deregisterService("whoami2", false)
+	c.Assert(err, checker.IsNil)
+}
--- a/integration/fixtures/acme/acme_base.toml
+++ b/integration/fixtures/acme/acme_base.toml
@@ -8,7 +8,7 @@
 [entryPoints]
  [entryPoints.web]
    address = "{{ .PortHTTP }}"
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = "{{ .PortHTTPS }}"

 {{range $name, $resolvers := .Acme }}
@@ -45,7 +45,7 @@

 [http.routers]
  [http.routers.test]
-    entryPoints = ["web-secure"]
+    entryPoints = ["websecure"]
    rule = "Host(`traefik.acme.wtf`)"
    service = "test"
    [http.routers.test.tls]
--- a/integration/fixtures/acme/acme_domains.toml
+++ b/integration/fixtures/acme/acme_domains.toml
@@ -8,7 +8,7 @@
 [entryPoints]
  [entryPoints.web]
    address = "{{ .PortHTTP }}"
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = "{{ .PortHTTPS }}"

 {{range $name, $resolvers := .Acme }}
@@ -45,7 +45,7 @@

 [http.routers]
  [http.routers.test]
-    entryPoints = ["web-secure"]
+    entryPoints = ["websecure"]
    rule = "PathPrefix(`/`)"
    service = "test"
    [http.routers.test.tls]
--- a/integration/fixtures/acme/acme_multiple_resolvers.toml
+++ b/integration/fixtures/acme/acme_multiple_resolvers.toml
@@ -8,7 +8,7 @@
 [entryPoints]
  [entryPoints.web]
    address = "{{ .PortHTTP }}"
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = "{{ .PortHTTPS }}"

 {{range $name, $resolvers := .Acme }}
@@ -45,14 +45,14 @@

 [http.routers]
  [http.routers.test]
-    entryPoints = ["web-secure"]
+    entryPoints = ["websecure"]
    rule = "Host(`traefik.acme.wtf`)"
    service = "test"
    [http.routers.test.tls]
      certResolver = "default"

  [http.routers.tchouk]
-    entryPoints = ["web-secure"]
+    entryPoints = ["websecure"]
    rule = "Host(`tchouk.acme.wtf`)"
    service = "test"
    [http.routers.tchouk.tls]
--- a/integration/fixtures/acme/acme_tcp.toml
+++ b/integration/fixtures/acme/acme_tcp.toml
@@ -8,7 +8,7 @@
 [entryPoints]
  [entryPoints.web]
    address = "{{ .PortHTTP }}"
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = "{{ .PortHTTPS }}"

 {{range $name, $resolvers := .Acme }}
@@ -45,7 +45,7 @@

 [tcp.routers]
  [tcp.routers.test]
-    entryPoints = ["web-secure"]
+    entryPoints = ["websecure"]
    rule = "HostSNI(`traefik.acme.wtf`)"
    service = "test"
    [tcp.routers.test.tls]
--- a/integration/fixtures/acme/acme_tls.toml
+++ b/integration/fixtures/acme/acme_tls.toml
@@ -8,7 +8,7 @@
 [entryPoints]
  [entryPoints.web]
    address = "{{ .PortHTTP }}"
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = "{{ .PortHTTPS }}"

 {{range $name, $resolvers := .Acme }}
@@ -45,7 +45,7 @@

 [http.routers]
  [http.routers.test]
-    entryPoints = ["web-secure"]
+    entryPoints = ["websecure"]
    rule = "Host(`traefik.acme.wtf`)"
    service = "test"
    [http.routers.test.tls]
--- a/integration/fixtures/acme/acme_tls_dynamic.toml
+++ b/integration/fixtures/acme/acme_tls_dynamic.toml
@@ -8,7 +8,7 @@
 [entryPoints]
  [entryPoints.web]
    address = "{{ .PortHTTP }}"
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = "{{ .PortHTTPS }}"

 {{range $name, $resolvers := .Acme }}
--- a/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml
+++ b/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml
@@ -8,7 +8,7 @@
 [entryPoints]
  [entryPoints.web]
    address = "{{ .PortHTTP }}"
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = "{{ .PortHTTPS }}"

  [entryPoints.traefik]
--- a/integration/fixtures/acme/certificates.toml
+++ b/integration/fixtures/acme/certificates.toml
@@ -5,7 +5,7 @@

 [http.routers]
  [http.routers.test]
-    entryPoints = ["web-secure"]
+    entryPoints = ["websecure"]
    rule = "Host(`traefik.acme.wtf`)"
    service = "test"
    [http.routers.test.tls]
--- a/integration/fixtures/grpc/config.toml
+++ b/integration/fixtures/grpc/config.toml
@@ -9,7 +9,7 @@
  rootCAs = [ """{{ .CertContent }}""" ]

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/grpc/config_h2c_termination.toml
+++ b/integration/fixtures/grpc/config_h2c_termination.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/grpc/config_insecure.toml
+++ b/integration/fixtures/grpc/config_insecure.toml
@@ -9,7 +9,7 @@
  insecureSkipVerify = true

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/grpc/config_retry.toml
+++ b/integration/fixtures/grpc/config_retry.toml
@@ -9,7 +9,7 @@
  rootCAs = [ """{{ .CertContent }}""" ]

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/clientca/https_1ca1config.toml
+++ b/integration/fixtures/https/clientca/https_1ca1config.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/clientca/https_2ca1config.toml
+++ b/integration/fixtures/https/clientca/https_2ca1config.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/clientca/https_2ca2config.toml
+++ b/integration/fixtures/https/clientca/https_2ca2config.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/dynamic_https_sni.toml
+++ b/integration/fixtures/https/dynamic_https_sni.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
     address = ":4443"

  [entryPoints.https02]
--- a/integration/fixtures/https/dynamic_https_sni_default_cert.toml
+++ b/integration/fixtures/https/dynamic_https_sni_default_cert.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/https_redirect.toml
+++ b/integration/fixtures/https/https_redirect.toml
@@ -9,7 +9,7 @@
  [entryPoints.web]
    address = ":8888"

-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":8443"

 [api]
@@ -28,7 +28,7 @@
    service = "service1"

  [http.routers.router1TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`example.com`)"
    service = "service1"
    [http.routers.router1TLS.tls]
@@ -40,7 +40,7 @@
    service = "service1"

  [http.routers.router2TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`example2.com`)"
    service = "service1"
    [http.routers.router2TLS.tls]
@@ -52,7 +52,7 @@
    service = "service1"

  [http.routers.router3TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`test.com`)"
    service = "service1"
    [http.routers.router3TLS.tls]
@@ -64,7 +64,7 @@
    service = "service1"

  [http.routers.router4TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`test2.com`)"
    service = "service1"
    [http.routers.router4TLS.tls]
@@ -76,7 +76,7 @@
    service = "service1"

  [http.routers.router5TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`foo.com`)"
    service = "service1"
    [http.routers.router5TLS.tls]
@@ -88,7 +88,7 @@
    service = "service1"

  [http.routers.router6TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`foo2.com`)"
    service = "service1"
    [http.routers.router6TLS.tls]
@@ -100,7 +100,7 @@
    service = "service1"

  [http.routers.router7TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`bar.com`)"
    service = "service1"
    [http.routers.router7TLS.tls]
@@ -112,7 +112,7 @@
    service = "service1"

  [http.routers.router8TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`bar2.com`)"
    service = "service1"
    [http.routers.router8TLS.tls]
@@ -124,7 +124,7 @@
    service = "service1"

  [http.routers.router9TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`pow.com`)"
    service = "service1"
    [http.routers.router9TLS.tls]
@@ -136,7 +136,7 @@
    service = "service1"

  [http.routers.router10TLS]
-    entryPoints = [ "web-secure" ]
+    entryPoints = [ "websecure" ]
    rule = "Host(`pow2.com`)"
    service = "service1"
    [http.routers.router10TLS.tls]
--- a/integration/fixtures/https/https_sni.toml
+++ b/integration/fixtures/https/https_sni.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml
+++ b/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/https_sni_default_cert.toml
+++ b/integration/fixtures/https/https_sni_default_cert.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/https_sni_strict.toml
+++ b/integration/fixtures/https/https_sni_strict.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/https/https_tls_options.toml
+++ b/integration/fixtures/https/https_tls_options.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/router_errors.toml
+++ b/integration/fixtures/router_errors.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/service_errors.toml
+++ b/integration/fixtures/service_errors.toml
@@ -6,7 +6,7 @@
  level = "DEBUG"

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":4443"

 [api]
--- a/integration/fixtures/simple_contenttype.toml
+++ b/integration/fixtures/simple_contenttype.toml
@@ -0,0 +1,61 @@
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
+
+[log]
+  level = "DEBUG"
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":8000"
+
+[api]
+  insecure = true
+
+[providers.file]
+  filename = "{{ .SelfFilename }}"
+
+## dynamic configuration ##
+
+[http.routers]
+  [http.routers.router1]
+    service = "service1"
+    rule = "PathPrefix(`/css/ct/nomiddleware`) || PathPrefix(`/pdf/ct/nomiddleware`)"
+
+  [http.routers.router2]
+    service = "service1"
+    middlewares = ["autodetect"]
+    rule = "PathPrefix(`/css/ct/middlewareauto`) || PathPrefix(`/pdf/ct/middlewareauto`)"
+
+  [http.routers.router3]
+    service = "service1"
+    middlewares = ["noautodetect"]
+    rule = "PathPrefix(`/css/ct/middlewarenoauto`) || PathPrefix(`/pdf/ct/middlewarenoauto`)"
+
+  [http.routers.router4]
+    service = "service1"
+    rule = "PathPrefix(`/css/noct/nomiddleware`) || PathPrefix(`/pdf/noct/nomiddleware`)"
+
+  [http.routers.router5]
+    service = "service1"
+    middlewares = ["autodetect"]
+    rule = "PathPrefix(`/css/noct/middlewareauto`) || PathPrefix(`/pdf/noct/middlewareauto`)"
+
+  [http.routers.router6]
+    service = "service1"
+    middlewares = ["noautodetect"]
+    rule = "PathPrefix(`/css/noct/middlewarenoauto`) || PathPrefix(`/pdf/noct/middlewarenoauto`)"
+
+
+[http.services]
+  [http.services.service1]
+    [http.services.service1.loadBalancer]
+      passHostHeader = true
+      [[http.services.service1.loadBalancer.servers]]
+        url = "{{ .Server }}"
+
+[http.middlewares.autodetect.contentType]
+autoDetect=true
+
+[http.middlewares.noautodetect.contentType]
+autoDetect=false
--- a/integration/fixtures/test.pdf
+++ b/integration/fixtures/test.pdf
--- a/integration/fixtures/tlsclientheaders/simple.toml
+++ b/integration/fixtures/tlsclientheaders/simple.toml
@@ -9,7 +9,7 @@
  rootCAs = [ """{{ .RootCertContent }}""" ]

 [entryPoints]
-  [entryPoints.web-secure]
+  [entryPoints.websecure]
    address = ":8443"

 [api]
--- a/integration/simple_test.go
+++ b/integration/simple_test.go
@@ -779,3 +779,98 @@ func (s *SimpleSuite) TestSecureAPI(c *check.C) {
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.StatusCodeIs(http.StatusNotFound))
 	c.Assert(err, checker.IsNil)
 }
+
+func (s *SimpleSuite) TestContentTypeDisableAutoDetect(c *check.C) {
+	srv1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		rw.Header()["Content-Type"] = nil
+		switch req.URL.Path[:4] {
+		case "/css":
+			if !strings.Contains(req.URL.Path, "noct") {
+				rw.Header().Set("Content-Type", "text/css")
+			}
+
+			rw.WriteHeader(http.StatusOK)
+
+			_, err := rw.Write([]byte(".testcss { }"))
+			c.Assert(err, checker.IsNil)
+		case "/pdf":
+			if !strings.Contains(req.URL.Path, "noct") {
+				rw.Header().Set("Content-Type", "application/pdf")
+			}
+
+			rw.WriteHeader(http.StatusOK)
+
+			bytes, err := ioutil.ReadFile("fixtures/test.pdf")
+			c.Assert(err, checker.IsNil)
+
+			_, err = rw.Write(bytes)
+			c.Assert(err, checker.IsNil)
+		}
+	}))
+
+	defer srv1.Close()
+
+	file := s.adaptFile(c, "fixtures/simple_contenttype.toml", struct {
+		Server string
+	}{
+		Server: srv1.URL,
+	})
+	defer os.Remove(file)
+
+	cmd, display := s.traefikCmd(withConfigFile(file), "--log.level=DEBUG")
+	defer display(c)
+
+	err := cmd.Start()
+	c.Assert(err, check.IsNil)
+	defer cmd.Process.Kill()
+
+	// wait for traefik
+	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("127.0.0.1"))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/css/ct/nomiddleware", time.Second, try.HasHeaderValue("Content-Type", "text/css", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/pdf/ct/nomiddleware", time.Second, try.HasHeaderValue("Content-Type", "application/pdf", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/css/ct/middlewareauto", time.Second, try.HasHeaderValue("Content-Type", "text/css", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/pdf/ct/nomiddlewareauto", time.Second, try.HasHeaderValue("Content-Type", "application/pdf", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/css/ct/middlewarenoauto", time.Second, try.HasHeaderValue("Content-Type", "text/css", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/pdf/ct/nomiddlewarenoauto", time.Second, try.HasHeaderValue("Content-Type", "application/pdf", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/css/noct/nomiddleware", time.Second, try.HasHeaderValue("Content-Type", "text/plain; charset=utf-8", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/pdf/noct/nomiddleware", time.Second, try.HasHeaderValue("Content-Type", "application/pdf", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/css/noct/middlewareauto", time.Second, try.HasHeaderValue("Content-Type", "text/plain; charset=utf-8", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/pdf/noct/nomiddlewareauto", time.Second, try.HasHeaderValue("Content-Type", "application/pdf", false))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/css/noct/middlewarenoauto", time.Second, func(res *http.Response) error {
+		if ct, ok := res.Header["Content-Type"]; ok {
+			return fmt.Errorf("should have no content type and %s is present", ct)
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/pdf/noct/middlewarenoauto", time.Second, func(res *http.Response) error {
+		if ct, ok := res.Header["Content-Type"]; ok {
+			return fmt.Errorf("should have no content type and %s is present", ct)
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+}
--- a/integration/testdata/rawdata-ingress.json
+++ b/integration/testdata/rawdata-ingress.json
@@ -60,7 +60,7 @@
 	"middlewares": {
 		"dashboard_redirect@internal": {
 			"redirectRegex": {
-				"regex": "^(http:\\/\\/[^:]+(:\\d+)?)/$",
+				"regex": "^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$",
 				"replacement": "${1}/dashboard/",
 				"permanent": true
 			},
--- a/pkg/api/handler_entrypoint_test.go
+++ b/pkg/api/handler_entrypoint_test.go
@@ -67,7 +67,7 @@ func TestHandler_EntryPoints(t *testing.T) {
 							TrustedIPs: []string{"192.168.1.3", "192.168.1.4"},
 						},
 					},
-					"web-secure": {
+					"websecure": {
 						Address: ":443",
 						Transport: &static.EntryPointsTransport{
 							LifeCycle: &static.LifeCycle{
--- a/pkg/api/testdata/entrypoints.json
+++ b/pkg/api/testdata/entrypoints.json
@@ -37,7 +37,7 @@
 				"192.168.1.40"
 			]
 		},
-		"name": "web-secure",
+		"name": "websecure",
 		"proxyProtocol": {
 			"insecure": true,
 			"trustedIPs": [
--- a/pkg/config/dynamic/middlewares.go
+++ b/pkg/config/dynamic/middlewares.go
@@ -35,6 +35,22 @@ type Middleware struct {
 	Compress          *Compress          `json:"compress,omitempty" toml:"compress,omitempty" yaml:"compress,omitempty" label:"allowEmpty"`
 	PassTLSClientCert *PassTLSClientCert `json:"passTLSClientCert,omitempty" toml:"passTLSClientCert,omitempty" yaml:"passTLSClientCert,omitempty"`
 	Retry             *Retry             `json:"retry,omitempty" toml:"retry,omitempty" yaml:"retry,omitempty"`
+	ContentType       *ContentType       `json:"contentType,omitempty" toml:"contentType,omitempty" yaml:"contentType,omitempty"`
+}
+
+// +k8s:deepcopy-gen=true
+
+// ContentType middleware - or rather its unique `autoDetect` option -
+// specifies whether to let the `Content-Type` header,
+// if it has not been set by the backend,
+// be automatically set to a value derived from the contents of the response.
+// As a proxy, the default behavior should be to leave the header alone,
+// regardless of what the backend did with it.
+// However, the historic default was to always auto-detect and set the header if it was nil,
+// and it is going to be kept that way in order to support users currently relying on it.
+// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
+type ContentType struct {
+	AutoDetect bool `json:"autoDetect,omitempty" toml:"autoDetect,omitempty" yaml:"autoDetect,omitempty"`
 }

 // +k8s:deepcopy-gen=true
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ludovic Fernandez	1746ed6e1c	Prepare release v2.1.5	2020-02-28 18:02:05 +01:00
Ludovic Fernandez	664cd940c5	fix: YML example of template for the file provider.	2020-02-28 14:52:05 +01:00
Daniel Tomcej	f6c6c2b2c0	Allow fsnotify to reload config files on k8s (or symlinks)	2020-02-26 17:50:07 +01:00
Ludovic Fernandez	70fdfeb926	Use explicitly the word Kubernetes in the migration guide.	2020-02-26 16:38:05 +01:00
Evan Lurvey	f4d62d3342	Fix docs and code to match in haystack tracing.	2020-02-26 11:10:06 +01:00
Ludovic Fernandez	54df7b0a3c	Update go-acme/lego to v3.4.0	2020-02-26 10:36:05 +01:00
Ludovic Fernandez	9795a7c4a9	fix: consul-catalog use port from label instead of item port.	2020-02-25 23:00:04 +01:00
Julien Salleyron	1557fda588	Consider SSLv2 as TLS in order to close the handshake correctly	2020-02-25 17:50:05 +01:00
Julien Salleyron	1e7f34c271	Launch healhcheck only one time instead of two	2020-02-25 16:30:05 +01:00
Michael	d71e8ab7c9	Fix secret informer load	2020-02-25 15:14:04 +01:00
Daniel Tomcej	3b4c8ba439	Use consistent protocol determination	2020-02-25 10:12:04 +01:00
Patrick Schaub	e04ebaa364	Fix typo in the godoc of TLS option MaxVersion	2020-02-21 17:48:05 +01:00
Ludovic Fernandez	aab7043d45	Add information about filename and directory options.	2020-02-18 17:30:05 +01:00
rYR79435	ef504f3eba	Remove TLS cipher suites for TLS minVersion 1.3	2020-02-17 17:38:05 +01:00
Bret Fisher	86407871e6	Docs: Clarifying format of ingress endpoint service name	2020-02-17 17:30:06 +01:00
Ludovic Fernandez	76bb2ef60c	fix: dashboard example with k8s CRD.	2020-02-17 17:20:05 +01:00
Ludovic Fernandez	beec65938e	Improve documentation.	2020-02-17 11:04:04 +01:00
Ludovic Fernandez	d501c0786f	Early filter of the catalog services.	2020-02-13 10:26:04 +01:00
Jean-Baptiste Doumenjou	322c329c6f	fix: use the right error in the log	2020-02-12 18:28:05 +01:00
Vyacheslav Matyukhin	4a1d20e8a3	Fix formatting in "Kubernetes Namespace" block	2020-02-12 14:26:05 +01:00
Ludovic Fernandez	c33348e80c	fix: return an error when ping is not enabled.	2020-02-11 16:06:06 +01:00
Andrew Parker	6e43ab5897	Don't throw away valid configuration updates	2020-02-10 21:40:06 +01:00
Rowayda Khayri	8bb625adb7	Minor readme improvements	2020-02-10 14:54:05 +01:00
Isaac Newton K	cf2b97b656	Added link to community forum	2020-02-07 17:36:05 +01:00
Ludovic Fernandez	2e8cbd81b4	Prepare release v2.1.4	2020-02-06 17:54:03 +01:00
Daniel Tomcej	b498c7bcbb	Properly purge default certificate from stores before logging	2020-02-05 18:46:03 +01:00
silenceshell	e78843bdca	fix a typo	2020-02-05 14:08:04 +01:00
Steve Groom	2eaf3136f9	Minor documentation tweaks.	2020-02-04 21:20:04 +01:00
谭九鼎	6b6ab9fe6d	readme: update links to use HTTPS	2020-02-04 17:46:03 +01:00
Renee Margaret McConahy	f35b9a4509	Correct a trivial spelling mistake in the documentation.	2020-02-03 22:34:05 +01:00
Julien Salleyron	349ce004f8	don't create http client for each request in forwardAuth middleware	2020-02-03 18:44:03 +01:00
Julien Salleyron	1b63c95c4e	Fix kubernetes providers shutdown and clean safe.Pool	2020-02-03 17:56:04 +01:00
Sander Lissenburg	c80d53e7e5	Update install-traefik.md	2020-02-03 17:18:04 +01:00
Ludovic Fernandez	eb2028e0fa	Add missing certResolver in IngressRoute examples.	2020-02-03 14:54:06 +01:00
Daniel Tomcej	03689251c5	Allow wildcard hosts in ingress provider	2020-02-03 11:24:06 +01:00
Alan	85c08312be	Documentation fix for acme.md CLI	2020-02-02 13:50:03 +01:00
mpl	16288d171c	use provider-qualified name when recursing for chain	2020-01-27 10:40:05 +01:00
Ludovic Fernandez	87044c54f4	Improvement of the certificates resolvers logs	2020-01-24 16:30:07 +01:00
Ludovic Fernandez	a4e8d3cb36	doc: use the same entry point name everywhere	2020-01-23 16:36:07 +01:00
Ludovic Fernandez	c796cd2250	Prepare release v2.1.3	2020-01-21 18:20:05 +01:00
Julien Salleyron	c296a4a967	Remove Content-Type auto-detection Co-authored-by: mpl <mathieu.lonjaret@gmail.com>	2020-01-21 18:06:03 +01:00
mpl	24192a3797	fix memleak in safe.Pool Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>	2020-01-20 17:42:05 +01:00
Julien Salleyron	f84d947115	Use the calculated port when useBindPortIP is enabled	2020-01-20 15:56:05 +01:00
Ludovic Fernandez	9544dece07	fix: invalid service definition.	2020-01-20 15:28:06 +01:00
Ludovic Fernandez	6c4d7fd377	doc: adds an explanation of the global redirection pattern.	2020-01-20 15:04:09 +01:00
Jan	8d467ddd61	Adding an explanation how to use `htpasswd` for k8s secret	2020-01-20 13:24:05 +01:00
Ludovic Fernandez	db28ee1ff7	Update golangci-lint version.	2020-01-19 23:00:06 +01:00
Simon	144eee7fbf	Update go-acme/lego to v3.3.0	2020-01-17 15:20:05 +01:00
Ludovic Fernandez	4329d393e6	Update license date	2020-01-14 15:22:05 +01:00
Igor Scheller	c132d71684	Fixed typo in k8s doc	2020-01-13 15:54:06 +01:00
Evert Arias	8410f61c73	Fix small typo in user-guides documentation	2020-01-10 21:34:04 +01:00
thatshubham	5b0e93552c	Update Marathon.md	2020-01-10 02:40:03 +01:00
tvrg	5eebd04d43	Fix typo in docker routing documentation	2020-01-09 16:34:05 +01:00
Ludovic Fernandez	4461ecfed1	Prepare release v2.1.2	2020-01-07 16:56:05 +01:00
Gary Kramlich	bd676922c3	k8s Ingress: fix crash on rules with nil http	2020-01-07 16:26:08 +01:00
José Carlos Chávez	49356cadd4	fix(tracing): makes sure tracing headers are being propagated when using forwardAuth	2020-01-07 15:48:07 +01:00
Ludovic Fernandez	c02f222005	Improves error message when a configuration file is empty.	2020-01-07 15:24:05 +01:00
Jean-Baptiste Doumenjou	d3977ce40e	Improve documentation about Kubernetes IngressRoute	2020-01-07 11:26:05 +01:00
Jean-Baptiste Doumenjou	7283d7eb2f	Log the ignored namespace only when needed	2020-01-07 10:46:04 +01:00
Julien Salleyron	807dc46ad0	Handle respondingtimeout and better shutdown tests. Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>	2020-01-06 16:56:05 +01:00
Tiago Boeing	0837ec9b70	Fix command for use websecure via CLI	2020-01-01 01:56:04 +01:00
Ludovic Fernandez	b380522df8	fix: dashboard redirect loop	2019-12-24 17:36:04 +01:00
Ludovic Fernandez	c127d34d32	fix: Malformed x-b3-traceid Header	2019-12-22 08:24:03 +01:00
der-domi	bc0b97d5d8	Update ipwhitelist.md	2019-12-19 21:38:03 +01:00
Manuel Zapf	431abe79f3	Query consul for service health separately	2019-12-19 11:00:07 +01:00
Dmitry Sharshakov	4f669bdd66	Don't set user-agent to Go-http-client/1.1	2019-12-18 11:22:06 +01:00
Ludovic Fernandez	8930236396	fix: invalid label/flag parsing.	2019-12-17 16:10:06 +01:00
Ludovic Fernandez	4d0aee67be	doc: remove section about templates	2019-12-17 14:30:06 +01:00
Kenneth Peiruza	b501c6d5bf	Added ExternalName https support for Kubernetes CRD, as done in v2.0	2019-12-16 21:48:03 +01:00
Ludovic Fernandez	7dcee38b21	Use consistent name in ACME documentation	2019-12-13 15:46:06 +01:00
Damien Duportal	903c63ac13	add a documentation example for dashboard and api for kubernetes CRD	2019-12-13 10:36:04 +01:00