Prepare release v2.11.8

Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>

.dockerignore

@@ -1,5 +1,5 @@
 dist/
-!dist/traefik
+!dist/**/traefik
 site/
 vendor/
 .idea/

.github/PULL_REQUEST_TEMPLATE.md

@@ -2,11 +2,11 @@
 PLEASE READ THIS MESSAGE.
 
 Documentation fixes or enhancements:
-- for Traefik v2: use branch v2.10
+- for Traefik v2: use branch v2.11
 - for Traefik v3: use branch v3.0
 
 Bug fixes:
-- for Traefik v2: use branch v2.10
+- for Traefik v2: use branch v2.11
 - for Traefik v3: use branch v3.0
 
 Enhancements:

.github/workflows/build.yaml

@@ -4,30 +4,45 @@ on:
   pull_request:
     branches:
       - '*'
+    paths-ignore:
+      - 'docs/**'
+      - '**.md'
+      - 'script/gcg/**'
 
 env:
-  GO_VERSION: '1.21'
+  GO_VERSION: '1.22'
   CGO_ENABLED: 0
-  IN_DOCKER: ""
 
 jobs:
 
   build-webui:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: webui/.nvmrc
+          cache: yarn
+          cache-dependency-path: webui/yarn.lock
+
       - name: Build webui
+        working-directory: ./webui
+        run: |
+          yarn install
+          yarn build
+
+      - name: Package webui
         run: |
-          make clean-webui generate-webui
           tar czvf webui.tar.gz ./webui/static/
 
       - name: Artifact webui
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: webui.tar.gz
           path: webui.tar.gz
@@ -36,41 +51,25 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ ubuntu-20.04, macos-latest, windows-latest ]
+        os: [ ubuntu-latest, macos-latest, windows-latest ]
     needs:
       - build-webui
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
 
     steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
       - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
 
-      - name: Check out code
-        uses: actions/checkout@v2
-        with:
-          path: go/src/github.com/traefik/traefik
-          fetch-depth: 0
-
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-            ~/Library/Caches/go-build
-            '%LocalAppData%\go-build'
-          key: ${{ runner.os }}-build-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-build-go-
-
       - name: Artifact webui
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
         with:
           name: webui.tar.gz
-          path: ${{ github.workspace }}/go/src/github.com/traefik/traefik
 
       - name: Untar webui
         run: tar xvf webui.tar.gz

.github/workflows/check_doc.yml

@@ -9,11 +9,11 @@ jobs:
 
   docs:
     name: Check, verify and build documentation
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.github/workflows/codeql.yml

@@ -28,11 +28,17 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
+
+    - name: setup go
+      uses: actions/setup-go@v5
+      if: ${{ matrix.language == 'go' }}
+      with:
+        go-version-file: 'go.mod'
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -46,7 +52,7 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -59,6 +65,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/documentation.yml

@@ -14,17 +14,17 @@ jobs:
 
   docs:
     name: Doc Process
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     if: github.repository == 'traefik/traefik'
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

.github/workflows/experimental.yaml

@@ -6,32 +6,63 @@ on:
       - master
       - v*
 
+env:
+  GO_VERSION: '1.22'
+  CGO_ENABLED: 0
+
 jobs:
 
   experimental:
     if: github.repository == 'traefik/traefik'
     name: Build experimental image on branch
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
 
       # https://github.com/marketplace/actions/checkout
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: webui/.nvmrc
+          cache: yarn
+          cache-dependency-path: webui/yarn.lock
+
+      - name: Build webui
+        working-directory: ./webui
+        run: |
+          yarn install
+          yarn build
+
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Build
+        run: make generate binary
+
       - name: Branch name
         run: echo ${GITHUB_REF##*/}
 
-      - name: Build docker experimental image
-        run: docker build -t traefik/traefik:experimental-${GITHUB_REF##*/} -f exp.Dockerfile .
-
       - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Push to Docker Hub
-        run: docker push traefik/traefik:experimental-${GITHUB_REF##*/}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build docker experimental image
+        env:
+          DOCKER_BUILDX_ARGS: "--push"
+        run: |
+          make multi-arch-image-experimental-${GITHUB_REF##*/}

.github/workflows/test-integration.yaml

@@ -0,0 +1,76 @@
+name: Test Integration
+
+on:
+  pull_request:
+    branches:
+      - '*'
+    paths-ignore:
+      - 'docs/**'
+      - '**.md'
+      - 'script/gcg/**'
+
+env:
+  GO_VERSION: '1.22'
+  CGO_ENABLED: 0
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Avoid generating webui
+        run: touch webui/static/index.html
+
+      - name: Build binary
+        run: make binary
+
+  test-integration:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    strategy:
+      fail-fast: true
+      matrix:
+        parallel: [12]
+        index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Avoid generating webui
+        run: touch webui/static/index.html
+
+      - name: Build binary
+        run: make binary
+
+      - name: Generate go test Slice
+        id: test_split
+        uses: hashicorp-forge/go-test-split-action@v2.0.0
+        with:
+          packages: ./integration
+          total: ${{ matrix.parallel }}
+          index: ${{ matrix.index }}
+
+      - name: Run Integration tests
+        run: |
+          TESTS=$(echo "${{ steps.test_split.outputs.run}}" | sed 's/\$/\$\$/g')
+          TESTFLAGS="-run \"${TESTS}\"" make test-integration

.github/workflows/test-unit.yaml

@@ -4,43 +4,53 @@ on:
   pull_request:
     branches:
       - '*'
+    paths-ignore:
+      - 'docs/**'
+      - '**.md'
+      - 'script/gcg/**'
 
 env:
-  GO_VERSION: '1.21'
-  IN_DOCKER: ""
+  GO_VERSION: '1.22'
 
 jobs:
 
   test-unit:
-    runs-on: ubuntu-20.04
-
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
+    runs-on: ubuntu-latest
 
     steps:
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
-          path: go/src/github.com/traefik/traefik
           fetch-depth: 0
 
-      - name: Cache Go modules
-        uses: actions/cache@v3
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
         with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-test-unit-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-test-unit-go-
+          go-version: ${{ env.GO_VERSION }}
 
       - name: Avoid generating webui
         run: touch webui/static/index.html
 
       - name: Tests
         run: make test-unit
+
+  test-ui-unit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: webui/.nvmrc
+          cache: 'yarn'
+          cache-dependency-path: webui/yarn.lock
+
+      - name: UI unit tests
+        run: |
+          yarn --cwd webui install
+          yarn --cwd webui test:unit:ci

.github/workflows/validate.yaml

@@ -6,40 +6,25 @@ on:
       - '*'
 
 env:
-  GO_VERSION: '1.21'
-  GOLANGCI_LINT_VERSION: v1.55.2
-  MISSSPELL_VERSION: v0.4.0
-  IN_DOCKER: ""
+  GO_VERSION: '1.22'
+  GOLANGCI_LINT_VERSION: v1.59.0
+  MISSSPELL_VERSION: v0.6.0
 
 jobs:
 
   validate:
-    runs-on: ubuntu-20.04
-
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
+    runs-on: ubuntu-latest
 
     steps:
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
-          path: go/src/github.com/traefik/traefik
           fetch-depth: 0
 
-      - name: Cache Go modules
-        uses: actions/cache@v3
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
         with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-validate-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-validate-go-
+          go-version: ${{ env.GO_VERSION }}
 
       - name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
         run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
@@ -54,36 +39,22 @@ jobs:
         run: make validate
 
   validate-generate:
-    runs-on: ubuntu-20.04
-
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
+    runs-on: ubuntu-latest
 
     steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
       - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
 
-      - name: Check out code
-        uses: actions/checkout@v2
-        with:
-          path: go/src/github.com/traefik/traefik
-          fetch-depth: 0
-
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-validate-generate-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-validate-generate-go-
-
       - name: go generate
         run: |
-          go generate
+          make generate
           git diff --exit-code
 
       - name: go mod tidy

.golangci.yml

@@ -1,8 +1,5 @@
 run:
   timeout: 10m
-  skip-files: []
-  skip-dirs:
-    - pkg/provider/kubernetes/crd/generated/
 
 linters-settings:
   govet:
@@ -146,42 +143,26 @@ linters-settings:
   gomoddirectives:
     replace-allow-list:
       - github.com/abbot/go-http-auth
-      - github.com/go-check/check
       - github.com/gorilla/mux
       - github.com/mailgun/minheap
       - github.com/mailgun/multibuf
       - github.com/jaguilar/vt100
+      - github.com/cucumber/godog
   testifylint:
-    enable:
-      - bool-compare
-      - compares
-      - empty
-      - error-is-as
-      - error-nil
-      - expected-actual
-      - float-compare
-      - len
+    disable:
       - suite-dont-use-pkg
-      - suite-extra-assert-call
-      - suite-thelper
-
+      - require-error
+      - go-require
+  errcheck:
+    exclude-functions:
+      - fmt.Fprintln
 linters:
   enable-all: true
   disable:
-    - deadcode # deprecated
-    - exhaustivestruct # deprecated
-    - golint # deprecated
-    - ifshort # deprecated
-    - interfacer # deprecated
-    - maligned # deprecated
-    - nosnakecase # deprecated
-    - scopelint # deprecated
-    - scopelint # deprecated
-    - structcheck # deprecated
-    - varcheck # deprecated
+    - execinquery # deprecated
+    - gomnd # deprecated
     - sqlclosecheck # not relevant (SQL)
     - rowserrcheck # not relevant (SQL)
-    - execinquery # not relevant (SQL)
     - cyclop # duplicate of gocyclo
     - lll # Not relevant
     - gocyclo # FIXME must be fixed
@@ -195,14 +176,14 @@ linters:
     - gochecknoglobals
     - wsl # Too strict
     - nlreturn # Not relevant
-    - gomnd # Too strict
+    - mnd # Too strict
     - stylecheck # skip because report issues related to some generated files.
     - testpackage # Too strict
     - tparallel # Not relevant
     - paralleltest # Not relevant
     - exhaustive # Not relevant
     - exhaustruct # Not relevant
-    - goerr113 # Too strict
+    - err113 # Too strict
     - wrapcheck # Too strict
     - noctx # Too strict
     - bodyclose # too many false-positive
@@ -216,11 +197,15 @@ linters:
     - maintidx # kind of duplicate of gocyclo
     - nonamedreturns # Too strict
     - gosmopolitan  # not relevant
+    - exportloopref # Useless with go1.22
+    - musttag
 
 issues:
   exclude-use-default: false
-  max-per-linter: 0
+  max-issues-per-linter: 0
   max-same-issues: 0
+  exclude-dirs:
+    - pkg/provider/kubernetes/crd/generated/
   exclude:
     - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
     - "should have a package comment, unless it's in another file for this package"
@@ -233,12 +218,16 @@ issues:
     - 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
     - 'SA1019: c.Providers.Consul.Namespace is deprecated'
     - 'SA1019: c.Providers.Nomad.Namespace is deprecated'
+    - 'fmt.Sprintf can be replaced with string'
+    - 'SA1019: dockertypes.ContainerNode is deprecated'
   exclude-rules:
     - path: '(.+)_test.go'
       linters:
         - goconst
         - funlen
         - godot
+        - canonicalheader
+        - fatcontext
     - path: '(.+)_test.go'
       text: ' always receives '
       linters:

.goreleaser.yml.tmpl

@@ -46,7 +46,7 @@ builds:
         goarch: arm
 
 changelog:
-  skip: true
+  disable: true
 
 archives:
   - id: traefik

.semaphore/semaphore.yml

@@ -19,36 +19,18 @@ global_job_config:
   prologue:
     commands:
       - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
-      - sudo semgo go1.21
+      - sudo semgo go1.22
       - export "GOPATH=$(go env GOPATH)"
       - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
       - export "PATH=${GOPATH}/bin:${PATH}"
       - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
       - export GOPROXY=https://proxy.golang.org,direct
-      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.55.2
+      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.59.0
       - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
       - checkout
       - cache restore traefik-$(checksum go.sum)
 
 blocks:
-  - name: Test Integration
-    dependencies: []
-    run:
-      when: "branch =~ '.*' OR pull_request =~'.*'"
-    task:
-      jobs:
-        - name: Test Integration
-          commands:
-            - make pull-images
-            - touch webui/static/index.html # Avoid generating webui
-            - IN_DOCKER="" make binary
-            - make test-integration
-            - df -h
-      epilogue:
-        always:
-          commands:
-            - cache store traefik-$(checksum go.sum) $HOME/go/pkg/mod
-
   - name: Release
     dependencies: []
     run:
@@ -64,9 +46,7 @@ blocks:
         - name: GH_VERSION
           value: 2.32.1
         - name: CODENAME
-          value: "saintmarcelin"
-        - name: IN_DOCKER
-          value: ""
+          value: "mimolette"
       prologue:
         commands:
           - export VERSION=${SEMAPHORE_GIT_TAG_NAME}

CHANGELOG.md

@@ -1,3 +1,199 @@
+## [v2.11.8](https://github.com/traefik/traefik/tree/v2.11.8) (2024-08-06)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.7...v2.11.8)
+
+**Bug fixes:**
+- **[docker]** Update to github.com/docker/docker v27.1.1 ([#10955](https://github.com/traefik/traefik/pull/10955) by [rtribotte](https://github.com/rtribotte))
+- **[webui]** Upgrade webui dependencies ([#10961](https://github.com/traefik/traefik/pull/10961) by [mmatur](https://github.com/mmatur))
+
+**Documentation:**
+- Fix embedded youtube video ([#10958](https://github.com/traefik/traefik/pull/10958) by [mmatur](https://github.com/mmatur))
+- Updated index.md to include video ([#10944](https://github.com/traefik/traefik/pull/10944) by [tomatokoolaid](https://github.com/tomatokoolaid))
+
+## [v2.11.7](https://github.com/traefik/traefik/tree/v2.11.7) (2024-07-30)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.6...v2.11.7)
+
+**Bug fixes:**
+- **[logs]** Make the log about new version more accurate ([#10903](https://github.com/traefik/traefik/pull/10903) by [jmcbri](https://github.com/jmcbri))
+- **[tls,k8s/crd,k8s]** Enforce default cipher suites list ([#10907](https://github.com/traefik/traefik/pull/10907) by [rtribotte](https://github.com/rtribotte))
+
+**Documentation:**
+- **[acme]** Modify certificatesDuration documentation ([#10920](https://github.com/traefik/traefik/pull/10920) by [peacewalker122](https://github.com/peacewalker122))
+- **[api]** Improve explanation on API exposition ([#10926](https://github.com/traefik/traefik/pull/10926) by [mloiseleur](https://github.com/mloiseleur))
+- **[docker,consul,rancher,ecs]** Improve doc on sensitive data stored into labels/tags ([#10873](https://github.com/traefik/traefik/pull/10873) by [emilevauge](https://github.com/emilevauge))
+- **[docker,logs]** Improve error and documentation on the needed link between router and service ([#10262](https://github.com/traefik/traefik/pull/10262) by [mloiseleur](https://github.com/mloiseleur))
+- **[docker]** Document Docker port selection on multiple exposed ports ([#10935](https://github.com/traefik/traefik/pull/10935) by [mbrodala](https://github.com/mbrodala))
+- Update the supported versions table for v3.1 release ([#10933](https://github.com/traefik/traefik/pull/10933) by [jnoordsij](https://github.com/jnoordsij))
+- Update PR approval process ([#10887](https://github.com/traefik/traefik/pull/10887) by [emilevauge](https://github.com/emilevauge))
+
+## [v2.11.6](https://github.com/traefik/traefik/tree/v2.11.6) (2024-07-02)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.5...v2.11.6)
+
+**Bug fixes:**
+- **[ecs]** Fix ECS config for OIDC + IRSA ([#10814](https://github.com/traefik/traefik/pull/10814) by [mmatur](https://github.com/mmatur))
+- **[http3]** Disable QUIC 0-RTT ([#10867](https://github.com/traefik/traefik/pull/10867) by [mmatur](https://github.com/mmatur))
+- **[middleware,server]** Remove interface names from IPv6 ([#10813](https://github.com/traefik/traefik/pull/10813) by [JeroenED](https://github.com/JeroenED))
+
+**Documentation:**
+- **[docker,acme]** Fix a typo in the ACME docker-compose docs ([#10866](https://github.com/traefik/traefik/pull/10866) by [ciacon](https://github.com/ciacon))
+- Update Advanced Capabilities Callout ([#10846](https://github.com/traefik/traefik/pull/10846) by [tomatokoolaid](https://github.com/tomatokoolaid))
+- Update maintainers ([#10834](https://github.com/traefik/traefik/pull/10834) by [emilevauge](https://github.com/emilevauge))
+- Fix readme badge for Semaphore CI ([#10830](https://github.com/traefik/traefik/pull/10830) by [mmatur](https://github.com/mmatur))
+- Fix typo in keepAliveMaxTime docs ([#10825](https://github.com/traefik/traefik/pull/10825) by [shochdoerfer](https://github.com/shochdoerfer))
+
+## [v2.11.5](https://github.com/traefik/traefik/tree/v2.11.5) (2024-06-18)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.4...v2.11.5)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.17.4 ([#10803](https://github.com/traefik/traefik/pull/10803) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- Update the supported versions table ([#10798](https://github.com/traefik/traefik/pull/10798) by [nmengin](https://github.com/nmengin))
+
+## [v2.11.4](https://github.com/traefik/traefik/tree/v2.11.4) (2024-06-10)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.3...v2.11.4)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.17.3 ([#10768](https://github.com/traefik/traefik/pull/10768) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[acme]** Fix .com and .org domain examples  ([#10635](https://github.com/traefik/traefik/pull/10635) by [rptaylor](https://github.com/rptaylor))
+- **[middleware]** Add a note about the Ratelimit middleware's behavior when the sourceCriterion header is missing ([#10752](https://github.com/traefik/traefik/pull/10752) by [dgutzmann](https://github.com/dgutzmann))
+- Add user guides link to getting started ([#10785](https://github.com/traefik/traefik/pull/10785) by [norlinhenrik](https://github.com/norlinhenrik))
+- Remove helm default repo warning as repo has been long deprecated ([#10772](https://github.com/traefik/traefik/pull/10772) by [corneliusroemer](https://github.com/corneliusroemer))
+
+## [v2.11.3](https://github.com/traefik/traefik/tree/v2.11.3) (2024-05-17)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.2...v2.11.3)
+
+**Bug fixes:**
+- **[server]** Remove deadlines for non-TLS connections ([#10615](https://github.com/traefik/traefik/pull/10615) by [rtribotte](https://github.com/rtribotte))
+- **[webui]** Display of Content Security Policy values getting out of screen ([#10710](https://github.com/traefik/traefik/pull/10710) by [brandonfl](https://github.com/brandonfl))
+- **[webui]** Fix provider icon size ([#10621](https://github.com/traefik/traefik/pull/10621) by [framebassman](https://github.com/framebassman))
+
+**Documentation:**
+- **[k8s/crd]** Fix migration/v2.md ([#10658](https://github.com/traefik/traefik/pull/10658) by [stemar94](https://github.com/stemar94))
+- **[k8s/gatewayapi]** Fix HTTPRoute use of backendRefs ([#10630](https://github.com/traefik/traefik/pull/10630) by [sakaru](https://github.com/sakaru))
+- **[k8s/gatewayapi]** Fix HTTPRoute path type ([#10629](https://github.com/traefik/traefik/pull/10629) by [sakaru](https://github.com/sakaru))
+- **[k8s]** Improve mirroring example on Kubernetes ([#10701](https://github.com/traefik/traefik/pull/10701) by [mloiseleur](https://github.com/mloiseleur))
+- Consistent entryPoints capitalization in CLI flag usage ([#10650](https://github.com/traefik/traefik/pull/10650) by [jnoordsij](https://github.com/jnoordsij))
+- Fix unfinished migration sentence for v2.11.2 ([#10633](https://github.com/traefik/traefik/pull/10633) by [kevinpollet](https://github.com/kevinpollet))
+
+## [v2.11.2](https://github.com/traefik/traefik/tree/v2.11.2) (2024-04-11)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.1...v2.11.2)
+
+**Bug fixes:**
+- **[server]** Revert LingeringTimeout and change default value for ReadTimeout ([#10599](https://github.com/traefik/traefik/pull/10599) by [kevinpollet](https://github.com/kevinpollet))
+- **[server]** Set default ReadTimeout value to 60s ([#10602](https://github.com/traefik/traefik/pull/10602) by [rtribotte](https://github.com/rtribotte))
+
+## [v2.11.1](https://github.com/traefik/traefik/tree/v2.11.1) (2024-04-10)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.0...v2.11.1)
+
+**Bug fixes:**
+- **[acme,tls]** Enforce handling of ACME-TLS/1 challenges ([#10536](https://github.com/traefik/traefik/pull/10536) by [rtribotte](https://github.com/rtribotte))
+- **[acme]** Update go-acme/lego to v4.16.1 ([#10508](https://github.com/traefik/traefik/pull/10508) by [ldez](https://github.com/ldez))
+- **[acme]** Close created file in ACME local store CheckFile func ([#10574](https://github.com/traefik/traefik/pull/10574) by [testwill](https://github.com/testwill))
+- **[docker,http3]** Update to quic-go v0.42.0 and docker/cli v24.0.9 ([#10572](https://github.com/traefik/traefik/pull/10572) by [mloiseleur](https://github.com/mloiseleur))
+- **[docker,marathon,rancher,ecs,tls,nomad]** Allow to configure TLSStore default generated certificate with labels ([#10439](https://github.com/traefik/traefik/pull/10439) by [kevinpollet](https://github.com/kevinpollet))
+- **[ecs]** Adjust ECS network interface detection logic ([#10550](https://github.com/traefik/traefik/pull/10550) by [amaxine](https://github.com/amaxine))
+- **[logs,tls]** Fix log when default TLSStore and TLSOptions are defined multiple times ([#10499](https://github.com/traefik/traefik/pull/10499) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Allow empty replacement with ReplacePathRegex middleware ([#10538](https://github.com/traefik/traefik/pull/10538) by [rtribotte](https://github.com/rtribotte))
+- **[plugins]** Update Yaegi to v0.16.1 ([#10565](https://github.com/traefik/traefik/pull/10565) by [ldez](https://github.com/ldez))
+- **[provider,rules]** Don't allow routers higher than internal ones ([#10428](https://github.com/traefik/traefik/pull/10428) by [ldez](https://github.com/ldez))
+- **[rules]** Reserve priority range for internal routers ([#10541](https://github.com/traefik/traefik/pull/10541) by [youkoulayley](https://github.com/youkoulayley))
+- **[server,tcp]** Introduce Lingering Timeout ([#10569](https://github.com/traefik/traefik/pull/10569) by [rtribotte](https://github.com/rtribotte))
+- **[tcp]** Enforce failure for TCP HostSNI with hostname ([#10540](https://github.com/traefik/traefik/pull/10540) by [youkoulayley](https://github.com/youkoulayley))
+- **[tracing]** Bump Elastic APM to v2.4.8 ([#10512](https://github.com/traefik/traefik/pull/10512) by [rtribotte](https://github.com/rtribotte))
+- **[webui]** Fix dashboard exposition through a router ([#10518](https://github.com/traefik/traefik/pull/10518) by [mmatur](https://github.com/mmatur))
+- **[webui]** Display IPAllowlist middleware configuration in dashboard ([#10459](https://github.com/traefik/traefik/pull/10459) by [youkoulayley](https://github.com/youkoulayley))
+- **[webui]** Make text more readable in dark mode ([#10473](https://github.com/traefik/traefik/pull/10473) by [hood](https://github.com/hood))
+- **[webui]** Migrate to Quasar 2.x and Vue.js 3.x ([#10416](https://github.com/traefik/traefik/pull/10416) by [andsarr](https://github.com/andsarr))
+- **[webui]** Add a horizontal scroll for the mobile view ([#10480](https://github.com/traefik/traefik/pull/10480) by [framebassman](https://github.com/framebassman))
+
+**Documentation:**
+- **[acme]** Update gandiv5 env variable in providers table ([#10506](https://github.com/traefik/traefik/pull/10506) by [dominiwe](https://github.com/dominiwe))
+- **[acme]** Fix multiple dns provider documentation ([#10496](https://github.com/traefik/traefik/pull/10496) by [mmatur](https://github.com/mmatur))
+- **[docker]** Fix paragraph in entrypoints and Docker docs ([#10491](https://github.com/traefik/traefik/pull/10491) by [luigir-it](https://github.com/luigir-it))
+- **[k8s]** Improve middleware example ([#10532](https://github.com/traefik/traefik/pull/10532) by [mloiseleur](https://github.com/mloiseleur))
+- **[metrics]** Fix host header mention in prometheus metrics doc ([#10502](https://github.com/traefik/traefik/pull/10502) by [MorphBonehunter](https://github.com/MorphBonehunter))
+- **[metrics]** Fix typo in statsd metrics docs ([#10437](https://github.com/traefik/traefik/pull/10437) by [xpac1985](https://github.com/xpac1985))
+- **[middleware]** Improve excludedIPs example with IPWhiteList and IPAllowList middleware ([#10554](https://github.com/traefik/traefik/pull/10554) by [mloiseleur](https://github.com/mloiseleur))
+- **[nomad]** Improve documentation about Nomad ACL minimum rights ([#10482](https://github.com/traefik/traefik/pull/10482) by [Thadir](https://github.com/Thadir))
+- **[server]** Add specification for TCP TLS routers in documentation ([#10510](https://github.com/traefik/traefik/pull/10510) by [shivanipawar00](https://github.com/shivanipawar00))
+- **[tls]** Fix default value for peerCertURI option ([#10470](https://github.com/traefik/traefik/pull/10470) by [marcmognol](https://github.com/marcmognol))
+- Update releases page ([#10449](https://github.com/traefik/traefik/pull/10449) by [ldez](https://github.com/ldez))
+- Update releases page ([#10443](https://github.com/traefik/traefik/pull/10443) by [ldez](https://github.com/ldez))
+- Add youkoulayley to maintainers ([#10517](https://github.com/traefik/traefik/pull/10517) by [emilevauge](https://github.com/emilevauge))
+- Add sdelicata to maintainers ([#10515](https://github.com/traefik/traefik/pull/10515) by [emilevauge](https://github.com/emilevauge))
+
+**Misc:**
+- **[webui]** Modify the Hub Button ([#10583](https://github.com/traefik/traefik/pull/10583) by [mdeliatf](https://github.com/mdeliatf))
+
+## [v2.11.0](https://github.com/traefik/traefik/tree/v2.11.0) (2024-02-12)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0)
+
+**Enhancements:**
+- **[middleware]** Deprecate IPWhiteList middleware in favor of IPAllowList ([#10249](https://github.com/traefik/traefik/pull/10249) by [lbenguigui](https://github.com/lbenguigui))
+- **[redis]** Add Redis Sentinel support ([#10245](https://github.com/traefik/traefik/pull/10245) by [youkoulayley](https://github.com/youkoulayley))
+- **[server]** Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints ([#10247](https://github.com/traefik/traefik/pull/10247) by [juliens](https://github.com/juliens))
+- **[sticky-session]** Hash WRR sticky cookies ([#10243](https://github.com/traefik/traefik/pull/10243) by [youkoulayley](https://github.com/youkoulayley))
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.15.0 ([#10392](https://github.com/traefik/traefik/pull/10392) by [ldez](https://github.com/ldez))
+- **[authentication]** Fix NTLM and Kerberos ([#10405](https://github.com/traefik/traefik/pull/10405) by [juliens](https://github.com/juliens))
+- **[file]** Fix file watcher ([#10420](https://github.com/traefik/traefik/pull/10420) by [juliens](https://github.com/juliens))
+- **[file]** Update github.com/fsnotify/fsnotify to v1.7.0 ([#10313](https://github.com/traefik/traefik/pull/10313) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.40.1 ([#10296](https://github.com/traefik/traefik/pull/10296) by [ldez](https://github.com/ldez))
+- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley))
+- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell))
+- **[server]** Fix ReadHeaderTimeout for PROXY protocol ([#10320](https://github.com/traefik/traefik/pull/10320) by [juliens](https://github.com/juliens))
+- **[webui]** Fixes the Header Button ([#10395](https://github.com/traefik/traefik/pull/10395) by [mdeliatf](https://github.com/mdeliatf))
+- **[webui]** Fix URL encode resource's id before calling API endpoints ([#10292](https://github.com/traefik/traefik/pull/10292) by [andsarr](https://github.com/andsarr))
+
+**Documentation:**
+- **[acme]** Fix TLS challenge explanation ([#10293](https://github.com/traefik/traefik/pull/10293) by [cavokz](https://github.com/cavokz))
+- **[docker]** Update wording of compose example ([#10276](https://github.com/traefik/traefik/pull/10276) by [svx](https://github.com/svx))
+- **[docker,acme]** Fix typo ([#10294](https://github.com/traefik/traefik/pull/10294) by [youpsla](https://github.com/youpsla))
+- **[ecs]** Mention ECS as supported backend ([#10393](https://github.com/traefik/traefik/pull/10393) by [aleyrizvi](https://github.com/aleyrizvi))
+- **[k8s/crd]** Adjust deprecation notice for Kubernetes CRD provider ([#10317](https://github.com/traefik/traefik/pull/10317) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Update the documentation for RateLimit to provide a better example ([#10298](https://github.com/traefik/traefik/pull/10298) by [rmburton](https://github.com/rmburton))
+- **[server]** Fix the keepAlive options for the CLI examples ([#10398](https://github.com/traefik/traefik/pull/10398) by [immanuelfodor](https://github.com/immanuelfodor))
+- Prepare release v2.11.0-rc2 ([#10384](https://github.com/traefik/traefik/pull/10384) by [rtribotte](https://github.com/rtribotte))
+- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski))
+- Prepare release v2.11.0-rc1 ([#10326](https://github.com/traefik/traefik/pull/10326) by [mmatur](https://github.com/mmatur))
+- Fix description for anonymous usage statistics references ([#10287](https://github.com/traefik/traefik/pull/10287) by [ariyonaty](https://github.com/ariyonaty))
+- Documentation enhancements ([#10261](https://github.com/traefik/traefik/pull/10261) by [svx](https://github.com/svx))
+
+## [v2.11.0-rc2](https://github.com/traefik/traefik/tree/v2.11.0-rc2) (2024-01-24)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0-rc2)
+
+**Bug fixes:**
+- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley))
+- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell))
+
+**Documentation:**
+- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski))
+
+## [v2.11.0-rc1](https://github.com/traefik/traefik/tree/v2.11.0-rc1) (2024-01-02)
+[All Commits](https://github.com/traefik/traefik/compare/0a7964300166d167f68d5502bc245b3b9c8842b4...v2.11.0-rc1)
+
+**Enhancements:**
+- **[middleware]** Deprecate IPWhiteList middleware in favor of IPAllowList ([#10249](https://github.com/traefik/traefik/pull/10249) by [lbenguigui](https://github.com/lbenguigui))
+- **[redis]** Add Redis Sentinel support ([#10245](https://github.com/traefik/traefik/pull/10245) by [youkoulayley](https://github.com/youkoulayley))
+- **[server]** Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints ([#10247](https://github.com/traefik/traefik/pull/10247) by [juliens](https://github.com/juliens))
+- **[sticky-session]** Hash WRR sticky cookies ([#10243](https://github.com/traefik/traefik/pull/10243) by [youkoulayley](https://github.com/youkoulayley))
+
+**Bug fixes:**
+- **[file]** Update github.com/fsnotify/fsnotify to v1.7.0 ([#10313](https://github.com/traefik/traefik/pull/10313) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.40.1 ([#10296](https://github.com/traefik/traefik/pull/10296) by [ldez](https://github.com/ldez))
+- **[server]** Fix ReadHeaderTimeout for PROXY protocol ([#10320](https://github.com/traefik/traefik/pull/10320) by [juliens](https://github.com/juliens))
+
+**Documentation:**
+- **[acme]** Fix TLS challenge explanation ([#10293](https://github.com/traefik/traefik/pull/10293) by [cavokz](https://github.com/cavokz))
+- **[docker,acme]** Fix typo ([#10294](https://github.com/traefik/traefik/pull/10294) by [youpsla](https://github.com/youpsla))
+- **[docker]** Update wording of compose example ([#10276](https://github.com/traefik/traefik/pull/10276) by [svx](https://github.com/svx))
+- **[k8s/crd]** Adjust deprecation notice for Kubernetes CRD provider ([#10317](https://github.com/traefik/traefik/pull/10317) by [rtribotte](https://github.com/rtribotte))
+- Fix description for anonymous usage statistics references ([#10287](https://github.com/traefik/traefik/pull/10287) by [ariyonaty](https://github.com/ariyonaty))
+- Documentation enhancements ([#10261](https://github.com/traefik/traefik/pull/10261) by [svx](https://github.com/svx))
+
 ## [v2.10.7](https://github.com/traefik/traefik/tree/v2.10.7) (2023-12-06)
 [All Commits](https://github.com/traefik/traefik/compare/v2.10.6...v2.10.7)
 

Dockerfile

@@ -1,6 +1,12 @@
-FROM scratch
-COPY script/ca-certificates.crt /etc/ssl/certs/
-COPY dist/traefik /
+# syntax=docker/dockerfile:1.2
+FROM alpine:3.20
+
+RUN apk add --no-cache --no-progress ca-certificates tzdata
+
+ARG TARGETPLATFORM
+COPY ./dist/$TARGETPLATFORM/traefik /
+
 EXPOSE 80
 VOLUME ["/tmp"]
+
 ENTRYPOINT ["/traefik"]

LICENSE.md

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs
+Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -6,121 +6,109 @@ VERSION_GIT := $(if $(TAG_NAME),$(TAG_NAME),$(SHA))
 VERSION := $(if $(VERSION),$(VERSION),$(VERSION_GIT))
 
 GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/null))
-TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
 
 REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
-TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"traefik/traefik")
+BIN_NAME := traefik
+CODENAME ?= cheddar
 
-INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)",-v "/var/run/docker.sock:/var/run/docker.sock")
-DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
+DATE := $(shell date -u '+%Y-%m-%d_%I:%M:%S%p')
 
-# only used when running in docker
-TRAEFIK_ENVS := \
-	-e OS_ARCH_ARG \
-	-e OS_PLATFORM_ARG \
-	-e TESTFLAGS \
-	-e VERBOSE \
-	-e VERSION \
-	-e CODENAME \
-	-e TESTDIRS \
-	-e CI \
-	-e IN_DOCKER=true		# Indicator for integration tests that we are running inside a container.
+# Default build target
+GOOS := $(shell go env GOOS)
+GOARCH := $(shell go env GOARCH)
 
-TRAEFIK_MOUNT := -v "$(CURDIR)/dist:/go/src/github.com/traefik/traefik/dist"
-DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
-DOCKER_NON_INTERACTIVE ?= false
-DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
-DOCKER_RUN_TRAEFIK_TEST := docker run --add-host=host.docker.internal:127.0.0.1 --rm --name=traefik --network traefik-test-network -v $(PWD):$(PWD) -w $(PWD) $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
-DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -i) $(DOCKER_RUN_OPTS)
+LINT_EXECUTABLES = misspell shellcheck
 
-IN_DOCKER ?= true
+DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64
 
 .PHONY: default
-default: binary
+#? default: Run `make generate` and `make binary`
+default: generate binary
 
-## Create the "dist" directory
+#? dist: Create the "dist" directory
 dist:
 	mkdir -p dist
 
-## Build Dev Docker image
-.PHONY: build-dev-image
-build-dev-image: dist
-ifneq ("$(IN_DOCKER)", "")
-	docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile .
-endif
-
-## Build Dev Docker image without cache
-.PHONY: build-dev-image-no-cache
-build-dev-image-no-cache: dist
-ifneq ("$(IN_DOCKER)", "")
-	docker build $(DOCKER_BUILD_ARGS) --no-cache -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile .
-endif
-
-## Build WebUI Docker image
 .PHONY: build-webui-image
+#? build-webui-image: Build WebUI Docker image
 build-webui-image:
 	docker build -t traefik-webui -f webui/Dockerfile webui
 
-## Clean WebUI static generated assets
 .PHONY: clean-webui
+#? clean-webui: Clean WebUI static generated assets
 clean-webui:
 	rm -r webui/static
 	mkdir -p webui/static
 	printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
 
-## Generate WebUI
 webui/static/index.html:
 	$(MAKE) build-webui-image
 	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc
 	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static
 
 .PHONY: generate-webui
+#? generate-webui: Generate WebUI
 generate-webui: webui/static/index.html
 
-## Build the binary
+.PHONY: generate
+#? generate: Generate code (Dynamic and Static configuration documentation reference files)
+generate:
+	go generate
+
 .PHONY: binary
-binary: generate-webui build-dev-image
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate binary
+#? binary: Build the binary
+binary: generate-webui dist
+	@echo SHA: $(VERSION) $(CODENAME) $(DATE)
+	CGO_ENABLED=0 GOGC=off GOOS=${GOOS} GOARCH=${GOARCH} go build ${FLAGS[*]} -ldflags "-s -w \
+    -X github.com/traefik/traefik/v2/pkg/version.Version=$(VERSION) \
+    -X github.com/traefik/traefik/v2/pkg/version.Codename=$(CODENAME) \
+    -X github.com/traefik/traefik/v2/pkg/version.BuildDate=$(DATE)" \
+    -installsuffix nocgo -o "./dist/${GOOS}/${GOARCH}/$(BIN_NAME)" ./cmd/traefik
 
-## Build the linux binary locally
-.PHONY: binary-debug
-binary-debug: generate-webui
-	GOOS=linux ./script/make.sh binary
+binary-linux-arm64: export GOOS := linux
+binary-linux-arm64: export GOARCH := arm64
+binary-linux-arm64:
+	@$(MAKE) binary
+
+binary-linux-amd64: export GOOS := linux
+binary-linux-amd64: export GOARCH := amd64
+binary-linux-amd64:
+	@$(MAKE) binary
+
+binary-windows-amd64: export GOOS := windows
+binary-windows-amd64: export GOARCH := amd64
+binary-windows-amd64: export BIN_NAME := traefik.exe
+binary-windows-amd64:
+	@$(MAKE) binary
 
-## Build the binary for the standard platforms (linux, darwin, windows)
 .PHONY: crossbinary-default
-crossbinary-default: generate-webui build-dev-image
-	$(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-default
+#? crossbinary-default: Build the binary for the standard platforms (linux, darwin, windows)
+crossbinary-default: generate generate-webui
+	$(CURDIR)/script/crossbinary-default.sh
 
-## Build the binary for the standard platforms (linux, darwin, windows) in parallel
-.PHONY: crossbinary-default-parallel
-crossbinary-default-parallel:
-	$(MAKE) generate-webui
-	$(MAKE) build-dev-image crossbinary-default
-
-## Run the unit and integration tests
 .PHONY: test
-test: build-dev-image
-	-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
-	trap 'docker network rm traefik-test-network' EXIT; \
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit binary test-integration
+#? test: Run the unit and integration tests
+test: test-ui-unit test-unit test-integration
 
-## Run the unit tests
 .PHONY: test-unit
-test-unit: build-dev-image
-	-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
-	trap 'docker network rm traefik-test-network' EXIT; \
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit
+#? test-unit: Run the unit tests
+test-unit:
+	GOOS=$(GOOS) GOARCH=$(GOARCH) go test -cover "-coverprofile=cover.out" -v $(TESTFLAGS) ./pkg/... ./cmd/...
 
-## Run the integration tests
 .PHONY: test-integration
-test-integration: build-dev-image
-	-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
-	trap 'docker network rm traefik-test-network' EXIT; \
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate binary test-integration
+#? test-integration: Run the integration tests
+test-integration: binary
+	GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS)
+
+.PHONY: test-ui-unit
+#? test-ui-unit: Run the unit tests for the webui
+test-ui-unit:
+	$(MAKE) build-webui-image
+	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn --cwd webui install
+	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn --cwd webui test:unit:ci
 
-## Pull all images for integration tests
 .PHONY: pull-images
+#? pull-images: Pull all Docker images to avoid timeout during integration tests
 pull-images:
 	grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \
 		| awk '{print $$2}' \
@@ -128,90 +116,85 @@ pull-images:
 		| uniq \
 		| xargs -P 6 -n 1 docker pull
 
-## Validate code and docs
+.PHONY: lint
+#? lint: Run golangci-lint
+lint:
+	golangci-lint run
+
 .PHONY: validate-files
-validate-files: build-dev-image
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
-	bash $(CURDIR)/script/validate-shell-script.sh
+#? validate-files: Validate code and docs
+validate-files: lint
+	$(foreach exec,$(LINT_EXECUTABLES),\
+            $(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
+	$(CURDIR)/script/validate-misspell.sh
+	$(CURDIR)/script/validate-shell-script.sh
 
-## Validate code, docs, and vendor
 .PHONY: validate
-validate: build-dev-image
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
-	bash $(CURDIR)/script/validate-shell-script.sh
+#? validate: Validate code, docs, and vendor
+validate: lint
+	$(foreach exec,$(EXECUTABLES),\
+            $(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
+	$(CURDIR)/script/validate-vendor.sh
+	$(CURDIR)/script/validate-misspell.sh
+	$(CURDIR)/script/validate-shell-script.sh
+
+# Target for building images for multiple architectures.
+.PHONY: multi-arch-image-%
+multi-arch-image-%: binary-linux-amd64 binary-linux-arm64
+	docker buildx build $(DOCKER_BUILDX_ARGS) -t traefik/traefik:$* --platform=$(DOCKER_BUILD_PLATFORMS) -f Dockerfile .
+
 
-## Clean up static directory and build a Docker Traefik image
 .PHONY: build-image
-build-image: clean-webui binary
-	docker build -t $(TRAEFIK_IMAGE) .
+#? build-image: Clean up static directory and build a Docker Traefik image
+build-image: export DOCKER_BUILDX_ARGS := --load
+build-image: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
+build-image: clean-webui
+	@$(MAKE) multi-arch-image-latest
 
-## Build a Docker Traefik image without re-building the webui
 .PHONY: build-image-dirty
-build-image-dirty: binary
-	docker build -t $(TRAEFIK_IMAGE) .
+#? build-image-dirty: Build a Docker Traefik image without re-building the webui when it's already built
+build-image-dirty: export DOCKER_BUILDX_ARGS := --load
+build-image-dirty: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
+build-image-dirty:
+	@$(MAKE) multi-arch-image-latest
 
-## Locally build traefik for linux, then shove it an alpine image, with basic tools.
-.PHONY: build-image-debug
-build-image-debug: binary-debug
-	docker build -t $(TRAEFIK_IMAGE) -f debug.Dockerfile .
-
-## Start a shell inside the build env
-.PHONY: shell
-shell: build-dev-image
-	$(DOCKER_RUN_TRAEFIK) /bin/bash
-
-## Build documentation site
 .PHONY: docs
+#? docs: Build documentation site
 docs:
 	make -C ./docs docs
 
-## Serve the documentation site locally
 .PHONY: docs-serve
+#? docs-serve: Serve the documentation site locally
 docs-serve:
 	make -C ./docs docs-serve
 
-## Pull image for doc building
 .PHONY: docs-pull-images
+#? docs-pull-images: Pull image for doc building
 docs-pull-images:
 	make -C ./docs docs-pull-images
 
-## Generate CRD clientset and CRD manifests
 .PHONY: generate-crd
+#? generate-crd: Generate CRD clientset and CRD manifests
 generate-crd:
 	@$(CURDIR)/script/code-gen-docker.sh
 
-## Generate code from dynamic configuration https://github.com/traefik/genconf
 .PHONY: generate-genconf
+#? generate-genconf: Generate code from dynamic configuration github.com/traefik/genconf
 generate-genconf:
 	go run ./cmd/internal/gen/
 
-## Create packages for the release
 .PHONY: release-packages
-release-packages: generate-webui build-dev-image
-	rm -rf dist
-	@- $(foreach os, linux darwin windows freebsd openbsd, \
-        $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 2 --timeout="90m" --config $(shell go run ./internal/release $(os)); \
-        $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) go clean -cache; \
-    )
+#? release-packages: Create packages for the release
+release-packages: generate-webui
+	$(CURDIR)/script/release-packages.sh
 
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) cat dist/**/*_checksums.txt >> dist/traefik_${VERSION}_checksums.txt
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) rm dist/**/*_checksums.txt
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
-		--exclude-vcs \
-		--exclude .idea \
-		--exclude .travis \
-		--exclude .semaphoreci \
-		--exclude .github \
-		--exclude dist .
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) chown -R $(shell id -u):$(shell id -g) dist/
-
-## Format the Code
 .PHONY: fmt
+#? fmt: Format the Code
 fmt:
 	gofmt -s -l -w $(SRCS)
 
-.PHONY: run-dev
-run-dev:
-	go generate
-	GO111MODULE=on go build ./cmd/traefik
-	./traefik
+.PHONY: help
+#? help: Get more info on make commands
+help: Makefile
+	@echo " Choose a command run in traefik:"
+	@sed -n 's/^#?//p' $< | column -t -s ':' |  sort | sed -e 's/^/ /'

README.md

@@ -7,7 +7,7 @@
     </picture>
 </p>
 
-[![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
+[![Build Status SemaphoreCI](https://traefik-oss.semaphoreci.com/badges/traefik/branches/master.svg?style=shields)](https://traefik-oss.semaphoreci.com/projects/traefik)
 [![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://doc.traefik.io/traefik)
 [![Go Report Card](https://goreportcard.com/badge/traefik/traefik)](https://goreportcard.com/report/traefik/traefik)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/traefik/traefik/blob/master/LICENSE.md)
@@ -74,6 +74,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
 - [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
 - [Marathon](https://doc.traefik.io/traefik/providers/marathon/)
 - [Rancher](https://doc.traefik.io/traefik/providers/rancher/) (Metadata)
+- [ECS](https://doc.traefik.io/traefik/providers/ecs/)
 - [File](https://doc.traefik.io/traefik/providers/file/)
 
 ## Quickstart

build.Dockerfile

@@ -1,37 +0,0 @@
-FROM golang:1.21-alpine
-
-RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
-    && update-ca-certificates \
-    && rm -rf /var/cache/apk/*
-
-# Which docker version to test on
-ARG DOCKER_VERSION=18.09.7
-
-# Download docker
-RUN mkdir -p /usr/local/bin \
-    && curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
-    | tar -xzC /usr/local/bin --transform 's#^.+/##x'
-
-# Download golangci-lint binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.55.2
-
-# Download misspell binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.4.0
-
-# Download goreleaser binary to bin folder in $GOPATH
-RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | sh
-
-WORKDIR /go/src/github.com/traefik/traefik
-
-# Because of CVE-2022-24765 (https://github.blog/2022-04-12-git-security-vulnerability-announced/),
-# we configure git to allow the Traefik codebase path on the Host for docker in docker usages.
-ARG HOST_PWD=""
-
-RUN git config --global --add safe.directory "${HOST_PWD}"
-
-# Download go modules
-COPY go.mod .
-COPY go.sum .
-RUN GO111MODULE=on GOPROXY=https://proxy.golang.org go mod download
-
-COPY . /go/src/github.com/traefik/traefik

cmd/internal/gen/centrifuge.go

@@ -160,7 +160,7 @@ func (c Centrifuge) writeStruct(name string, obj *types.Struct, rootPkg string,
 	b := strings.Builder{}
 	b.WriteString(fmt.Sprintf("type %s struct {\n", name))
 
-	for i := 0; i < obj.NumFields(); i++ {
+	for i := range obj.NumFields() {
 		field := obj.Field(i)
 
 		if !field.Exported() {

cmd/traefik/traefik.go

@@ -15,7 +15,7 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/coreos/go-systemd/daemon"
+	"github.com/coreos/go-systemd/v22/daemon"
 	"github.com/go-acme/lego/v4/challenge"
 	gokitmetrics "github.com/go-kit/kit/metrics"
 	"github.com/sirupsen/logrus"

cmd/traefik/traefik_test.go

@@ -94,7 +94,6 @@ func TestAppendCertMetric(t *testing.T) {
 	}
 
 	for _, test := range testCases {
-		test := test
 		t.Run(test.desc, func(t *testing.T) {
 			t.Parallel()
 

debug.Dockerfile

@@ -1,10 +0,0 @@
-FROM alpine:3.14
-# Feel free to add below any helpful dependency for debugging.
-# iproute2 is for ss.
-RUN apk --no-cache --no-progress add bash curl ca-certificates tzdata lsof iproute2 \
-    && update-ca-certificates \
-    && rm -rf /var/cache/apk/*
-COPY dist/traefik /
-EXPOSE 80
-VOLUME ["/tmp"]
-ENTRYPOINT ["/traefik"]

docs/check.Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.18 as alpine
+FROM alpine:3.20
 
 RUN apk --no-cache --no-progress add \
     build-base \

docs/content/contributing/building-testing.md

@@ -13,67 +13,13 @@ Let's see how.
 
 ## Building
 
-You need either [Docker](https://github.com/docker/docker "Link to website of Docker") and `make` (Method 1), or [Go](https://go.dev/ "Link to website of Go") (Method 2) in order to build Traefik.
-For changes to its dependencies, the `dep` dependency management tool is required.
-
-### Method 1: Using `Docker` and `Makefile`
-
-Run make with the `binary` target.
-
-```bash
-make binary
-```
-
-This will create binaries for the Linux platform in the `dist` folder.
-
-In case when you run build on CI, you may probably want to run docker in non-interactive mode. To achieve that define `DOCKER_NON_INTERACTIVE=true` environment variable.
-
-```bash
-$ make binary
-docker build -t traefik-webui -f webui/Dockerfile webui
-Sending build context to Docker daemon  2.686MB
-Step 1/11 : FROM node:8.15.0
- ---> 1f6c34f7921c
-[...]
-Successfully built ce4ff439c06a
-Successfully tagged traefik-webui:latest
-[...]
-docker build  -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
-Sending build context to Docker daemon    279MB
-Step 1/10 : FROM golang:1.16-alpine
- ---> f4bfb3d22bda
-[...]
-Successfully built 5c3c1a911277
-Successfully tagged traefik-dev:4475--feature-documentation
-docker run  -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER		 -v "/home/ldez/sources/go/src/github.com/traefik/traefik/"dist":/go/src/github.com/traefik/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
----> Making bundle: generate (in .)
-removed 'autogen/genstatic/gen.go'
-
----> Making bundle: binary (in .)
-
-$ ls dist/
-traefik*
-```
-
-The following targets can be executed outside Docker by setting the variable `IN_DOCKER` to an empty string (although be aware that some of the tests might fail in that context):
-
-- `test-unit`
-- `test-integration`
-- `validate`
-- `binary` (the webUI is still generated by using Docker)
-
-ex:
-
-```bash
-IN_DOCKER= make test-unit
-```
-
-### Method 2: Using `go`
-
-Requirements:
-
-- `go` v1.16+
-- environment variable `GO111MODULE=on`
+You need:
+    - [Docker](https://github.com/docker/docker "Link to website of Docker") 
+    - `make`
+    - [Go](https://go.dev/ "Link to website of Go")
+    - [misspell](https://github.com/golangci/misspell)
+    - [shellcheck](https://github.com/koalaman/shellcheck)
+    - [Tailscale](https://tailscale.com/) if you are using Docker Desktop 
 
 !!! tip "Source Directory"
 
@@ -106,43 +52,34 @@ Requirements:
     ## ... and the list goes on
     ```
 
-#### Build Traefik
+### Build Traefik
 
 Once you've set up your go environment and cloned the source repository, you can build Traefik.
 
 ```bash
-# Generate UI static files
-make clean-webui generate-webui
+$ make binary
+SHA: 8fddfe118288bb5280eb5e77fa952f52def360b4 cheddar 2024-01-11_03:14:57PM
+CGO_ENABLED=0 GOGC=off GOOS=darwin GOARCH=arm64 go build  -ldflags "-s -w \
+    -X github.com/traefik/traefik/v2/pkg/version.Version=8fddfe118288bb5280eb5e77fa952f52def360b4 \
+    -X github.com/traefik/traefik/v2/pkg/version.Codename=cheddar \
+    -X github.com/traefik/traefik/v2/pkg/version.BuildDate=2024-01-11_03:14:57PM" \
+    -installsuffix nocgo -o "./dist/darwin/arm64/traefik" ./cmd/traefik
 
-# required to merge non-code components into the final binary,
-# such as the web dashboard/UI
-go generate
+$ ls dist/
+traefik*
 ```
 
-```bash
-# Standard go build
-go build ./cmd/traefik
-```
-
-You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/traefik/traefik` directory.
+You will find the Traefik executable (`traefik`) in the `./dist` directory.
 
 ## Testing
 
-### Method 1: `Docker` and `make`
-
 Run unit tests using the `test-unit` target.
 Run integration tests using the `test-integration` target.
 Run all tests (unit and integration) using the `test` target.
 
 ```bash
 $ make test-unit
-docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
-# […]
-docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/user/go/src/github/traefik/traefik/dist:/go/src/github.com/traefik/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
----> Making bundle: generate (in .)
-removed 'gen.go'
-
----> Making bundle: test-unit (in .)
+GOOS=darwin GOARCH=arm64 go test -cover "-coverprofile=cover.out" -v ./pkg/... ./cmd/...
 + go test -cover -coverprofile=cover.out .
 ok      github.com/traefik/traefik   0.005s  coverage: 4.1% of statements
 
@@ -151,28 +88,30 @@ Test success
 
 For development purposes, you can specify which tests to run by using (only works the `test-integration` target):
 
+??? note "Configuring Tailscale for Docker Desktop user"
+
+    Create `tailscale.secret` file in `integration` directory.
+    
+    This file need to contains a [Tailscale auth key](https://tailscale.com/kb/1085/auth-keys) 
+    (an ephemeral, but reusable, one is recommended).
+
+    Add this section to your tailscale ACLs to auto-approve the routes for the
+    containers in the docker subnet:
+
+    ```json 
+        "autoApprovers": {
+          // Allow myself to automatically
+          // advertize routes for docker networks
+          "routes": {
+            "172.31.42.0/24": ["your_tailscale_identity"],
+          },
+        },
+    ```
+    
 ```bash
 # Run every tests in the MyTest suite
-TESTFLAGS="-check.f MyTestSuite" make test-integration
+TESTFLAGS="-test.run TestAccessLogSuite" make test-integration
 
 # Run the test "MyTest" in the MyTest suite
-TESTFLAGS="-check.f MyTestSuite.MyTest" make test-integration
-
-# Run every tests starting with "My", in the MyTest suite
-TESTFLAGS="-check.f MyTestSuite.My" make test-integration
-
-# Run every tests ending with "Test", in the MyTest suite
-TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
+TESTFLAGS="-test.run TestAccessLogSuite -testify.m ^TestAccessLog$" make test-integration
 ```
-
-Check [gocheck](https://labix.org/gocheck "Link to website of gocheck") for more information.
-
-### Method 2: `go`
-
-Unit tests can be run from the cloned directory using `$ go test ./...` which should return `ok`, similar to:
-
-```test
-ok      _/home/user/go/src/github/traefik/traefik    0.004s
-```
-
-Integration tests must be run from the `integration/` directory and require the `-integration` switch: `$ cd integration && go test -integration ./...`.

docs/content/contributing/maintainers.md

@@ -9,7 +9,6 @@ description: "Traefik Proxy is an open source software with a thriving community
 
 * Emile Vauge [@emilevauge](https://github.com/emilevauge)
 * Manuel Zapf [@SantoDE](https://github.com/SantoDE)
-* Ludovic Fernandez [@ldez](https://github.com/ldez)
 * Julien Salleyron [@juliens](https://github.com/juliens)
 * Nicolas Mengin [@nmengin](https://github.com/nmengin)
 * Michaël Matur [@mmatur](https://github.com/mmatur)
@@ -21,6 +20,8 @@ description: "Traefik Proxy is an open source software with a thriving community
 * Harold Ozouf [@jspdown](https://github.com/jspdown)
 * Tom Moulard [@tommoulard](https://github.com/tommoulard)
 * Landry Benguigui [@lbenguigui](https://github.com/lbenguigui)
+* Simon Delicata [@sdelicata](https://github.com/sdelicata)
+* Baptiste Mayelle [@youkoulayley](https://github.com/youkoulayley)
 
 ## Past Maintainers
 
@@ -31,6 +32,7 @@ People who have had an incredibly positive impact on the project, and are now fo
 * Daniel Tomcej [@dtomcej](https://github.com/dtomcej)
 * Timo Reimann [@timoreimann](https://github.com/timoreimann)
 * Marco Jantke [@mjantke](https://github.com/mjeri)
+* Ludovic Fernandez [@ldez](https://github.com/ldez)
 
 ## Maintainer's Guidelines
 

docs/content/contributing/submitting-pull-requests.md

@@ -54,9 +54,10 @@ Merging a PR requires the following steps to be completed before it is merged au
     * Keep "allows edit from maintainer" checked.
     * Use semantic line breaks for documentation.
     * Ensure your PR is not a draft. We do not review drafts, but do answer questions and confer with developers on them as needed.
+    * Ensure that the dependencies in the `go.mod` file reference a tag. If referencing a tag is not possible, add a comment explaining why.
 * Pass the validation check.
 * Pass all tests.
-* Receive 3 approving reviews from maintainers.
+* Receive 2 approving reviews from maintainers.
 
 ## Pull Request Review Cycle
 
@@ -89,6 +90,7 @@ in short, it looks like this:
 You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration.
 Your PR will not be reviewed until these are green on the CI.
 
+* `make generate`
 * `make validate`
 * `make pull-images`
 * `make test`
@@ -112,7 +114,7 @@ In such a situation, solve the conflicts/CI/... and then remove the label `bot/n
 
 To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
 
-The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
+The label `bot/light-review` decreases the number of required LGTM from 2 to 1.
 
 This label can be used when:
 

docs/content/deprecation/features.md

@@ -2,14 +2,14 @@
 
 This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
 
-| Feature                                                                                             | Deprecated | End of Support | Removal |
-|-----------------------------------------------------------------------------------------------------|------------|----------------|---------|
-| [Pilot](#pilot)                                                                                     | 2.7        | 2.8            | 2.9     |
-| [Consul Enterprise Namespace](#consul-enterprise-namespace)                                         | 2.8        | N/A            | 3.0     |
-| [TLS 1.0 and 1.1 Support](#tls-10-and-11)                                                           | N/A        | 2.8            | N/A     |
-| [Nomad Namespace](#nomad-namespace)                                                                 | 2.10       | N/A            | 3.0     |
-| [Kubernetes CRDs API Group `traefik.containo.us`](#kubernetes-crds-api-group-traefikcontainous)     | 2.10       | N/A            | 3.0     |
-| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crds-api-version-traefikiov1alpha1) | N/A        | N/A            | 3.0     |
+| Feature                                                                                                     | Deprecated | End of Support | Removal |
+|-------------------------------------------------------------------------------------------------------------|------------|----------------|---------|
+| [Pilot](#pilot)                                                                                             | 2.7        | 2.8            | 2.9     |
+| [Consul Enterprise Namespace](#consul-enterprise-namespace)                                                 | 2.8        | N/A            | 3.0     |
+| [TLS 1.0 and 1.1 Support](#tls-10-and-11)                                                                   | N/A        | 2.8            | N/A     |
+| [Nomad Namespace](#nomad-namespace)                                                                         | 2.10       | N/A            | 3.0     |
+| [Kubernetes CRDs API Group `traefik.containo.us`](#kubernetes-crd-provider-api-group-traefikcontainous)     | 2.10       | N/A            | 3.0     |
+| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crd-provider-api-version-traefikiov1alpha1) | 3.0        | N/A            | 4.0     |
 
 ## Impact
 
@@ -35,10 +35,10 @@ Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2.
 Starting on 2.10 the `namespace` option of the Nomad provider is deprecated,
 please use the `namespaces` options instead.
 
-### Kubernetes CRDs API Group `traefik.containo.us`
+### Kubernetes CRD Provider API Group `traefik.containo.us`
 
-In v2.10, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
+In v2.10, the Kubernetes CRD provider API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
 
-### Kubernetes CRDs API Version `traefik.io/v1alpha1`
+### Kubernetes CRD Provider API Version `traefik.io/v1alpha1`
 
-The newly introduced Kubernetes CRD API Version `traefik.io/v1alpha1` will subsequently be removed in Traefik v3. The following version will be `traefik.io/v1`.
+The Kubernetes CRD provider API Version `traefik.io/v1alpha1` will subsequently be deprecated in Traefik v3. The next version will be `traefik.io/v1`.

docs/content/deprecation/releases.md

@@ -4,29 +4,27 @@
 
 Below is a non-exhaustive list of versions and their maintenance status:
 
-| Version | Release Date | Active Support     | Security Support | 
-|---------|--------------|--------------------|------------------|
-| 2.10    | Apr 24, 2023 | Yes                | Yes              |
-| 2.9     | Oct 03, 2022 | Ended Apr 24, 2023 | No               |
-| 2.8     | Jun 29, 2022 | Ended Oct 03, 2022 | No               |
-| 2.7     | May 24, 2022 | Ended Jun 29, 2022 | No               |
-| 2.6     | Jan 24, 2022 | Ended May 24, 2022 | No               |
-| 2.5     | Aug 17, 2021 | Ended Jan 24, 2022 | No               |
-| 2.4     | Jan 19, 2021 | Ended Aug 17, 2021 | No               |
-| 2.3     | Sep 23, 2020 | Ended Jan 19, 2021 | No               |
-| 2.2     | Mar 25, 2020 | Ended Sep 23, 2020 | No               |
-| 2.1     | Dec 11, 2019 | Ended Mar 25, 2020 | No               |
-| 2.0     | Sep 16, 2019 | Ended Dec 11, 2019 | No               |
-| 1.7     | Sep 24, 2018 | Ended Dec 31, 2021 | Contact Support  |
-
-??? example "Active Support / Security Support"
-
-    **Active support**: receives any bug fixes.
-    **Security support**: receives only critical bug and security fixes.
+| Version | Release Date | Community Support  |  
+|---------|--------------|--------------------|
+| 3.1     | Jul 15, 2024 | Yes                |
+| 3.0     | Apr 29, 2024 | Ended Jul 15, 2024 |
+| 2.11    | Feb 12, 2024 | Ends  Apr 29, 2025 |
+| 2.10    | Apr 24, 2023 | Ended Feb 12, 2024 |
+| 2.9     | Oct 03, 2022 | Ended Apr 24, 2023 |
+| 2.8     | Jun 29, 2022 | Ended Oct 03, 2022 |
+| 2.7     | May 24, 2022 | Ended Jun 29, 2022 |
+| 2.6     | Jan 24, 2022 | Ended May 24, 2022 |
+| 2.5     | Aug 17, 2021 | Ended Jan 24, 2022 |
+| 2.4     | Jan 19, 2021 | Ended Aug 17, 2021 |
+| 2.3     | Sep 23, 2020 | Ended Jan 19, 2021 |
+| 2.2     | Mar 25, 2020 | Ended Sep 23, 2020 |
+| 2.1     | Dec 11, 2019 | Ended Mar 25, 2020 |
+| 2.0     | Sep 16, 2019 | Ended Dec 11, 2019 |
+| 1.7     | Sep 24, 2018 | Ended Dec 31, 2021 |
 
 This page is maintained and updated periodically to reflect our roadmap and any decisions affecting the end of support for Traefik Proxy.
 
-Please refer to our migration guides for specific instructions on upgrading between versions, an example is the [v1 to v2 migration guide](../migration/v1-to-v2.md).
+Please refer to our migration guides for specific instructions on upgrading between versions, an example is the [v2 to v3 migration guide](../migration/v2-to-v3.md).
 
 !!! important "All target dates for end of support or feature removal announcements may be subject to change."
 

docs/content/getting-started/concepts.md

@@ -25,7 +25,7 @@ The main features include dynamic configuration, automatic service discovery, an
 
 ## Edge Router
 
-Traefik is an *Edge Router*, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
+Traefik is an *Edge Router*; this means that it's the door to your platform, and that it intercepts and routes every incoming request:
 it knows all the logic and every [rule](../routing/routers/index.md#rule "Link to docs about routing rules") that determine which services handle which requests (based on the *path*, the *host*, *headers*, etc.).
 
 ![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png "Picture explaining the infrastructure")
@@ -38,7 +38,7 @@ Deploying your services, you attach information that tells Traefik the character
 
 ![Decentralized Configuration](../assets/img/traefik-concepts-2.png "Picture about Decentralized Configuration")
 
-It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
+This means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
 Similarly, when a service is removed from the infrastructure, the corresponding route is deleted accordingly.
 
 You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules.

docs/content/getting-started/configuration-overview.md

@@ -79,14 +79,14 @@ traefik --help
 # or
 
 docker run traefik[:version] --help
-# ex: docker run traefik:v2.10 --help
+# ex: docker run traefik:v2.11 --help
 ```
 
-All available arguments can also be found [here](../reference/static-configuration/cli.md).
+Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.
 
 ### Environment Variables
 
-All available environment variables can be found [here](../reference/static-configuration/env.md)
+All available environment variables can be found in the [static configuration environment overview](../reference/static-configuration/env.md).
 
 ## Available Configuration Options
 

docs/content/getting-started/faq.md

@@ -29,7 +29,7 @@ Not to mention that dynamic configuration changes potentially make that kind of
 Therefore, in this dynamic context,
 the static configuration of an `entryPoint` does not give any hint whatsoever about how the traffic going through that `entryPoint` is going to be routed.
 Or whether it's even going to be routed at all,
-i.e. whether there is a Router matching the kind of traffic going through it.
+that is whether there is a Router matching the kind of traffic going through it.
 
 ### `404 Not found`
 
@@ -71,7 +71,7 @@ Traefik returns a `502` response code when an error happens while contacting the
 
 ### `503 Service Unavailable`
 
-Traefik returns a `503` response code when a Router has been matched
+Traefik returns a `503` response code when a Router has been matched,
 but there are no servers ready to handle the request.
 
 This situation is encountered when a service has been explicitly configured without servers,
@@ -84,7 +84,7 @@ Sometimes, the `404` response code doesn't play well with other parties or servi
 In these situations, you may want Traefik to always reply with a `503` response code,
 instead of a `404` response code.
 
-To achieve this behavior, a simple catchall router,
+To achieve this behavior, a catchall router,
 with the lowest possible priority and routing to a service without servers,
 can handle all the requests when no other router has been matched.
 
@@ -93,7 +93,7 @@ The example below is a file provider only version (`yaml`) of what this configur
 ```yaml tab="Static configuration"
 # traefik.yml
 
-entrypoints:
+entryPoints:
   web:
     address: :80
 
@@ -130,7 +130,7 @@ http:
     the principle of the above example above (a catchall router) still stands,
     but the `unavailable` service should be adapted to fit such a need.
 
-## Why Is My TLS Certificate Not Reloaded When Its Contents Change? 
+## Why Is My TLS Certificate Not Reloaded When Its Contents Change?
 
 With the file provider,
 a configuration update is only triggered when one of the [watched](../providers/file.md#provider-configuration) configuration files is modified.
@@ -216,7 +216,7 @@ error: field not found, node: -badField-
 
 The "field not found" error occurs, when an unknown property is encountered in the dynamic or static configuration.
 
-One easy way to check whether a configuration file is well-formed, is to validate it with:
+One way to check whether a configuration file is well-formed, is to validate it with:
 
 - [JSON Schema of the static configuration](https://json.schemastore.org/traefik-v2.json)
 - [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json)
@@ -226,11 +226,11 @@ One easy way to check whether a configuration file is well-formed, is to validat
 As a common tip, if a resource is dropped/not created by Traefik after the dynamic configuration was evaluated,
 one should look for an error in the logs.
 
-If found, the error obviously confirms that something went wrong while creating the resource,
+If found, the error confirms that something went wrong while creating the resource,
 and the message should help in figuring out the mistake(s) in the configuration, and how to fix it.
 
 When using the file provider,
-one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
+one way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
 
 ## Why does Let's Encrypt wildcard certificate renewal/generation with DNS challenge fail?
 
@@ -248,6 +248,6 @@ then it could be due to `CNAME` support.
 In which case, you should make sure your infrastructure is properly set up for a
 `DNS` challenge that does not rely on `CNAME`, and you should try disabling `CNAME` support with:
 
-```bash
+```shell
 LEGO_DISABLE_CNAME_SUPPORT=true
 ```

docs/content/getting-started/install-traefik.md

@@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
 
 Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
 
-* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.10/traefik.sample.yml)
-* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.10/traefik.sample.toml)
+* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.11/traefik.sample.yml)
+* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.11/traefik.sample.toml)
 
-```bash
+```shell
 docker run -d -p 8080:8080 -p 80:80 \
-    -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.10
+    -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.11
 ```
 
 For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -29,17 +29,12 @@ For more details, go to the [Docker provider documentation](../providers/docker.
 !!! tip
 
     * Prefer a fixed version than the latest that could be an unexpected version.
-    ex: `traefik:v2.10`
+    ex: `traefik:v2.11`
     * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
     * Any orchestrator using docker images can fetch the official Traefik docker image.
 
 ## Use the Helm Chart
 
-!!! warning
-
-    The Traefik Chart from
-    [Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7).
-
 Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/traefik/traefik-helm-chart>.
 
 Ensure that the following requirements are met:
@@ -59,7 +54,7 @@ You can update the chart repository by running:
 helm repo update
 ```
 
-And install it with the `helm` command line:
+And install it with the Helm command line:
 
 ```bash
 helm install traefik traefik/traefik
@@ -69,7 +64,7 @@ helm install traefik traefik/traefik
 
     All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.
 
-    Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md). 
+    Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md).
 
     For instance, installing the chart in a dedicated namespace:
 
@@ -106,7 +101,7 @@ helm install traefik traefik/traefik
 
 ### Exposing the Traefik dashboard
 
-This HelmChart does not expose the Traefik dashboard by default, for security concerns.
+This Helm chart does not expose the Traefik dashboard by default, for security concerns.
 Thus, there are multiple ways to expose the dashboard.
 For instance, the dashboard access could be achieved through a port-forward:
 

docs/content/getting-started/quick-start-with-kubernetes.md

@@ -1,23 +1,23 @@
 ---
 title: "Traefik Getting Started With Kubernetes"
-description: "Looking to get started with Traefik Proxy? Read the technical documentation to learn a simple use case that leverages Kubernetes."
+description: "Get started with Traefik Proxy and Kubernetes."
 ---
 
 # Quick Start
 
-A Simple Use Case of Traefik Proxy and Kubernetes
+A Use Case of Traefik Proxy and Kubernetes
 {: .subtitle }
 
-This guide is an introduction to using Traefik Proxy in a Kubernetes environment.
-The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.
+This guide is an introduction to using Traefik Proxy in a Kubernetes environment.  
+The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.  
 It presents and explains the basic blocks required to start with Traefik such as Ingress Controller, Ingresses, Deployments, static, and dynamic configuration.
 
 ## Permissions and Accesses
 
 Traefik uses the Kubernetes API to discover running services.
 
-In order to use the Kubernetes API, Traefik needs some permissions.
-This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.
+To use the Kubernetes API, Traefik needs some permissions.
+This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.  
 The role is then bound to an account used by an application, in this case, Traefik Proxy.
 
 The first step is to create the role.
@@ -88,7 +88,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: traefik-account
-    namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount.
+    namespace: default # This tutorial uses the "default" K8s namespace.
 ```
 
 !!! info "`roleRef` is the Kubernetes reference to the role created in `00-role.yml`."
@@ -102,7 +102,7 @@ subjects:
 !!! info "This section can be managed with the help of the [Traefik Helm chart](../install-traefik/#use-the-helm-chart)."
 
 The [ingress controller](https://traefik.io/glossary/kubernetes-ingress-and-ingress-controller-101/#what-is-a-kubernetes-ingress-controller)
-is a software that runs in the same way as any other application on a cluster.
+is a software that runs in the same way as any other application on a cluster.  
 To start Traefik on the Kubernetes cluster,
 a [`Deployment`](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/) resource must exist to describe how to configure
 and scale containers horizontally to support larger workloads.
@@ -130,7 +130,7 @@ spec:
       serviceAccountName: traefik-account
       containers:
         - name: traefik
-          image: traefik:v2.10
+          image: traefik:v2.11
           args:
             - --api.insecure
             - --providers.kubernetesingress
@@ -141,12 +141,12 @@ spec:
               containerPort: 8080
 ```
 
-The deployment contains an important attribute for customizing Traefik: `args`.
-These arguments are the static configuration for Traefik.
+The deployment contains an important attribute for customizing Traefik: `args`.  
+These arguments are the static configuration for Traefik.  
 From here, it is possible to enable the dashboard,
 configure entry points,
 select dynamic configuration providers,
-and [more](../reference/static-configuration/cli.md)...
+and [more](../reference/static-configuration/cli.md).
 
 In this deployment,
 the static configuration enables the Traefik dashboard,
@@ -159,10 +159,10 @@ and uses Kubernetes native Ingress resources as router definitions to route inco
 !!! info "When enabling the [`api.insecure`](../../operations/api/#insecure) mode, Traefik exposes the dashboard on the port `8080`."
 
 A deployment manages scaling and then can create lots of containers, called [Pods](https://kubernetes.io/docs/concepts/workloads/pods/).
-Each Pod is configured following the `spec` field in the deployment.
+Each Pod is configured following the `spec` field in the deployment.  
 Given that, a Deployment can run multiple Traefik Proxy Pods,
 a piece is required to forward the traffic to any of the instance:
-namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).
+namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).  
 Create a file called `02-traefik-services.yml` and insert the two `Service` resources:
 
 ```yaml tab="02-traefik-services.yml"
@@ -195,7 +195,7 @@ spec:
 
 !!! warning "It is possible to expose a service in different ways."
 
-    Depending on your working environment and use case, the `spec.type` might change.
+    Depending on your working environment and use case, the `spec.type` might change.  
     It is strongly recommended to understand the available [service types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) before proceeding to the next step.
 
 It is now time to apply those files on your cluster to start Traefik.
@@ -210,11 +210,11 @@ kubectl apply -f 00-role.yml \
 
 ## Proxying applications
 
-The only part still missing is the business application behind the reverse proxy.
+The only part still missing is the business application behind the reverse proxy.  
 For this guide, we use the example application [traefik/whoami](https://github.com/traefik/whoami),
 but the principles are applicable to any other application.
 
-The `whoami` application is a simple HTTP server running on port 80 which answers host-related information to the incoming requests.
+The `whoami` application is an HTTP server running on port 80 which answers host-related information to the incoming requests.  
 As usual, start by creating a file called `03-whoami.yml` and paste the following `Deployment` resource:
 
 ```yaml tab="03-whoami.yml"
@@ -262,8 +262,8 @@ spec:
 ```
 
 Thanks to the Kubernetes API,
-Traefik is notified when an Ingress resource is created, updated, or deleted.
-This makes the process dynamic.
+Traefik is notified when an Ingress resource is created, updated, or deleted.  
+This makes the process dynamic.  
 The ingresses are, in a way, the [dynamic configuration](../../providers/kubernetes-ingress/) for Traefik.
 
 !!! tip

docs/content/getting-started/quick-start.md

@@ -1,11 +1,11 @@
 ---
 title: "Traefik Getting Started Quickly"
-description: "Looking to get started with Traefik Proxy quickly? Read the technical documentation to learn a simple use case that leverages Docker."
+description: "Get started with Traefik Proxy and Docker."
 ---
 
 # Quick Start
 
-A Simple Use Case Using Docker
+A Use Case Using Docker
 {: .subtitle }
 
 ![quickstart-diagram](../assets/img/quickstart-diagram.png)
@@ -20,7 +20,7 @@ version: '3'
 services:
   reverse-proxy:
     # The official v2 Traefik docker image
-    image: traefik:v2.10
+    image: traefik:v2.11
     # Enables the web UI and tells Traefik to listen to docker
     command: --api.insecure=true --providers.docker
     ports:
@@ -41,11 +41,11 @@ Start your `reverse-proxy` with the following command:
 docker-compose up -d reverse-proxy
 ```
 
-You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
+You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (you'll go back there once you have launched a service in step 2).
 
 ## Traefik Detects New Services and Creates the Route for You
 
-Now that we have a Traefik instance up and running, we will deploy new services.
+Now that you have a Traefik instance up and running, you will deploy new services.
 
 Edit your `docker-compose.yml` file and add the following at the end of your file.
 
@@ -63,7 +63,7 @@ services:
       - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
 ```
 
-The above defines `whoami`: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).
+The above defines `whoami`: a web service that outputs information about the machine it is deployed on (its IP address, host, and others).
 
 Start the `whoami` service with the following command:
 
@@ -73,7 +73,7 @@ docker-compose up -d whoami
 
 Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new container and updated its own configuration.
 
-When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_  (Here, we're using curl)
+When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_  (Here, you're using curl)
 
 ```shell
 curl -H Host:whoami.docker.localhost http://127.0.0.1
@@ -103,7 +103,7 @@ Finally, see that Traefik load-balances between the two instances of your servic
 curl -H Host:whoami.docker.localhost http://127.0.0.1
 ```
 
-The output will show alternatively one of the followings:
+The output will show alternatively one of the following:
 
 ```yaml
 Hostname: a656c8ddca6c
@@ -119,6 +119,6 @@ IP: 172.27.0.4
 
 !!! question "Where to Go Next?"
 
-    Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you!
+    Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the user guides](../../user-guides/docker-compose/basic-example/ "Link to the user guides") and [the documentation](/ "Link to the docs landing page") and let Traefik work for you!
 
 {!traefik-for-business-applications.md!}

docs/content/https/acme.md

@@ -116,8 +116,8 @@ Please check the [configuration examples below](#configuration-examples) for mor
     ```
 
     ```bash tab="CLI"
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
     # ...
     --certificatesresolvers.myresolver.acme.email=your-email@example.com
     --certificatesresolvers.myresolver.acme.storage=acme.json
@@ -241,8 +241,8 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
     ```
 
     ```bash tab="CLI"
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
     # ...
     --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
     ```
@@ -294,6 +294,12 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
     LEGO_DISABLE_CNAME_SUPPORT=true
     ```
 
+!!! warning "Multiple DNS Challenge provider"
+    
+    Multiple DNS challenge provider are not supported with Traefik, but you can use `CNAME` to handle that.
+    For example, if you have `example.org` (account foo) and `example.com` (account bar) you can create a CNAME on `example.org` called `_acme-challenge.example.org` pointing to `challenge.example.com`.
+    This way, you can obtain certificates for `example.com` with the `foo` account.
+
 !!! important
     A `provider` is mandatory.
 
@@ -313,7 +319,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [ACME DNS](https://github.com/joohoi/acme-dns)                         | `acme-dns`         | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)         |
 | [Alibaba Cloud](https://www.alibabacloud.com)                          | `alidns`           | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)           |
 | [all-inkl](https://all-inkl.com)                                       | `allinkl`          | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD`                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl)          |
-| [ArvanCloud](https://www.arvancloud.ir/en)                            | `arvancloud`       | `ARVANCLOUD_API_KEY`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)       |
+| [ArvanCloud](https://www.arvancloud.ir/en)                             | `arvancloud`       | `ARVANCLOUD_API_KEY`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)       |
 | [Auroradns](https://www.pcextreme.com/dns-health-checks)               | `auroradns`        | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)        |
 | [Autodns](https://www.internetx.com/domains/autodns/)                  | `autodns`          | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)          |
 | [Azure](https://azure.microsoft.com/services/dns/)  (DEPRECATED)       | `azure`            | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`                                        | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
@@ -331,6 +337,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [CloudXNS](https://www.cloudxns.net)                                   | `cloudxns`         | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)         |
 | [ConoHa](https://www.conoha.jp)                                        | `conoha`           | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)           |
 | [Constellix](https://constellix.com)                                   | `constellix`       | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)       |
+| [CPanel and WHM](https://cpanel.net/)                                  | `cpanel`           | `CPANEL_MODE`, `CPANEL_USERNAME`, `CPANEL_TOKEN`, `CPANEL_BASE_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cpanel)           |
 | [Derak Cloud](https://derak.cloud/)                                    | `derak`            | `DERAK_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/derak)            |
 | [deSEC](https://desec.io)                                              | `desec`            | `DESEC_TOKEN`                                                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/desec)            |
 | [DigitalOcean](https://www.digitalocean.com)                           | `digitalocean`     | `DO_AUTH_TOKEN`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean)     |
@@ -352,7 +359,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Fast DNS](https://www.akamai.com/)                                    | `fastdns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
 | [Freemyip.com](https://freemyip.com)                                   | `freemyip`         | `FREEMYIP_TOKEN`                                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip)         |
 | [G-Core](https://gcore.com/dns/)                                       | `gcore`            | `GCORE_PERMANENT_API_TOKEN`                                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/gcore)            |
-| [Gandi v5](https://doc.livedns.gandi.net)                              | `gandiv5`          | `GANDIV5_API_KEY`                                                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)          |
+| [Gandi v5](https://doc.livedns.gandi.net)                              | `gandiv5`          | `GANDIV5_PERSONAL_ACCESS_TOKEN`                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)          |
 | [Gandi](https://www.gandi.net)                                         | `gandi`            | `GANDI_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)            |
 | [Glesys](https://glesys.com/)                                          | `glesys`           | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)           |
 | [GoDaddy](https://www.godaddy.com)                                     | `godaddy`          | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)          |
@@ -361,6 +368,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Hetzner](https://hetzner.com)                                         | `hetzner`          | `HETZNER_API_KEY`                                                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
 | [hosting.de](https://www.hosting.de)                                   | `hostingde`        | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)        |
 | [Hosttech](https://www.hosttech.eu)                                    | `hosttech`         | `HOSTTECH_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)         |
+| [http.net](https://www.http.net/)                                      | `httpnet`          | `HTTPNET_API_KEY`                                                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/httpnet)          |
 | [Hurricane Electric](https://dns.he.net)                               | `hurricane`        | `HURRICANE_TOKENS` [^6]                                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane)        |
 | [HyperOne](https://www.hyperone.com)                                   | `hyperone`         | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)         |
 | [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/)                    | `ibmcloud`         | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud)         |
@@ -380,6 +388,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Liquid Web](https://www.liquidweb.com/)                               | `liquidweb`        | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)        |
 | [Loopia](https://loopia.com/)                                          | `loopia`           | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER`                                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/loopia)           |
 | [LuaDNS](https://luadns.com)                                           | `luadns`           | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)           |
+| [Mail-in-a-Box](https://mailinabox.email)                              | `mailinabox`       | `MAILINABOX_EMAIL`, `MAILINABOX_PASSWORD`, `MAILINABOX_BASE_URL`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/mailinabox)       |
 | [Metaname](https://metaname.net)                                       | `metaname`         | `METANAME_ACCOUNT_REFERENCE`, `METANAME_API_KEY`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/metaname)         |
 | [MyDNS.jp](https://www.mydns.jp/)                                      | `mydnsjp`          | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp)          |
 | [Mythic Beasts](https://www.mythic-beasts.com)                         | `mythicbeasts`     | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts)     |
@@ -397,7 +406,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Open Telekom Cloud](https://cloud.telekom.de)                         | `otc`              | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/otc)              |
 | [Openstack Designate](https://docs.openstack.org/designate)            | `designate`        | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/designate)        |
 | [Oracle Cloud](https://cloud.oracle.com/home)                          | `oraclecloud`      | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID`                                      | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)      |
-| [OVH](https://www.ovh.com)                                             | `ovh`              | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)              |
+| [OVH](https://www.ovh.com)                                             | `ovh`              | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`, `OVH_CLIENT_ID`, `OVH_CLIENT_SECRET`                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)              |
 | [Plesk](https://www.plesk.com)                                         | `plesk`            | `PLESK_SERVER_BASE_URL`, `PLESK_USERNAME`, `PLESK_PASSWORD`                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/plesk)            |
 | [Porkbun](https://porkbun.com/)                                        | `porkbun`          | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY`                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun)          |
 | [PowerDNS](https://www.powerdns.com)                                   | `pdns`             | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)             |
@@ -408,9 +417,11 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [RimuHosting](https://rimuhosting.com)                                 | `rimuhosting`      | `RIMUHOSTING_API_KEY`                                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)      |
 | [Route 53](https://aws.amazon.com/route53/)                            | `route53`          | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/route53)          |
 | [Sakura Cloud](https://cloud.sakura.ad.jp/)                            | `sakuracloud`      | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)      |
-| [Scaleway](https://www.scaleway.com)                                   | `scaleway`         | `SCALEWAY_API_TOKEN`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)         |
+| [Scaleway](https://www.scaleway.com)                                   | `scaleway`         | `SCW_API_TOKEN`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)         |
 | [Selectel](https://selectel.ru/en/)                                    | `selectel`         | `SELECTEL_API_TOKEN`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)         |
+| [Selectel v2](https://selectel.ru/en/)                                 | `selectelv2`       | `SELECTELV2_ACCOUNT_ID`, `SELECTELV2_PASSWORD`, `SELECTELV2_PROJECT_ID`, `SELECTELV2_USERNAME`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/selectelv2)       |
 | [Servercow](https://servercow.de)                                      | `servercow`        | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/servercow)        |
+| [Shellrent](https://www.shellrent.com)                                 | `shellrent`        | `SHELLRENT_USERNAME`, `SHELLRENT_TOKEN`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/shellrent)        |
 | [Simply.com](https://www.simply.com/en/domains/)                       | `simply`           | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/simply)           |
 | [Sonic](https://www.sonic.com/)                                        | `sonic`            | `SONIC_USER_ID`, `SONIC_API_KEY`                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/sonic)            |
 | [Stackpath](https://www.stackpath.com/)                                | `stackpath`        | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)        |
@@ -426,6 +437,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [VK Cloud](https://mcs.mail.ru/)                                       | `vkcloud`          | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME`                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud)          |
 | [Vscale](https://vscale.io/)                                           | `vscale`           | `VSCALE_API_TOKEN`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)           |
 | [VULTR](https://www.vultr.com)                                         | `vultr`            | `VULTR_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)            |
+| [Webnames](https://www.webnames.ru/)                                   | `webnames`         | `WEBNAMES_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/webnames)         |
 | [Websupport](https://websupport.sk)                                    | `websupport`       | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/websupport)       |
 | [WEDOS](https://www.wedos.com)                                         | `wedos`            | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/wedos)            |
 | [Yandex 360](https://360.yandex.ru)                                    | `yandex360`        | `YANDEX360_OAUTH_TOKEN`, `YANDEX360_ORG_ID`                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/yandex360)        |
@@ -594,9 +606,21 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
 
 _Optional, Default=2160_
 
-The `certificatesDuration` option defines the certificates' duration in hours.
+`certificatesDuration` is used to calculate two durations:
+
+- `Renew Period`: the period before the end of the certificate duration, during which the certificate should be renewed.
+- `Renew Interval`: the interval between renew attempts.
+
 It defaults to `2160` (90 days) to follow Let's Encrypt certificates' duration.
 
+| Certificate Duration | Renew Period      | Renew Interval          |
+|----------------------|-------------------|-------------------------|
+| >= 1 year            | 4 months          | 1 week                  |
+| >= 90 days           | 30 days           | 1 day                   |
+| >= 7 days            | 1 day             | 1 hour                  |
+| >= 24 hours          | 6 hours           | 10 min                  |
+| < 24 hours           | 20 min            | 1 min                   |
+
 !!! warning "Traefik cannot manage certificates with a duration lower than 1 hour."
 
 ```yaml tab="File (YAML)"
@@ -621,19 +645,6 @@ certificatesResolvers:
 # ...
 ```
 
-`certificatesDuration` is used to calculate two durations:
-
-- `Renew Period`: the period before the end of the certificate duration, during which the certificate should be renewed.
-- `Renew Interval`: the interval between renew attempts.
-
-| Certificate Duration | Renew Period      | Renew Interval          |
-|----------------------|-------------------|-------------------------|
-| >= 1 year            | 4 months          | 1 week                  |
-| >= 90 days           | 30 days           | 1 day                   |
-| >= 7 days            | 1 day             | 1 hour                  |
-| >= 24 hours          | 6 hours           | 10 min                  |
-| < 24 hours           | 20 min            | 1 min                   |
-
 ### `preferredChain`
 
 _Optional, Default=""_

docs/content/https/include-acme-multiple-domains-example.md

@@ -5,7 +5,7 @@ labels:
   - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
   - traefik.http.routers.blog.tls=true
   - traefik.http.routers.blog.tls.certresolver=myresolver
-  - traefik.http.routers.blog.tls.domains[0].main=example.org
+  - traefik.http.routers.blog.tls.domains[0].main=example.com
   - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
 ```
 
@@ -17,7 +17,7 @@ deploy:
     - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
     - traefik.http.routers.blog.tls=true
     - traefik.http.routers.blog.tls.certresolver=myresolver
-    - traefik.http.routers.blog.tls.domains[0].main=example.org
+    - traefik.http.routers.blog.tls.domains[0].main=example.com
     - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
 ```
 
@@ -38,7 +38,7 @@ spec:
   tls:
     certResolver: myresolver
     domains:
-    - main: example.org
+    - main: example.com
       sans:
       - '*.example.org'
 ```
@@ -49,7 +49,7 @@ labels: {
   "traefik.http.routers.blog.tls": "true",
   "traefik.http.routers.blog.tls.certresolver": "myresolver",
   "traefik.http.routers.blog.tls.domains[0].main": "example.com",
-  "traefik.http.routers.blog.tls.domains[0].sans": "*.example.com",
+  "traefik.http.routers.blog.tls.domains[0].sans": "*.example.org",
   "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
 }
 ```
@@ -60,7 +60,7 @@ labels:
   - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
   - traefik.http.routers.blog.tls=true
   - traefik.http.routers.blog.tls.certresolver=myresolver
-  - traefik.http.routers.blog.tls.domains[0].main=example.org
+  - traefik.http.routers.blog.tls.domains[0].main=example.com
   - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
 ```
 
@@ -73,7 +73,7 @@ http:
       tls:
         certResolver: myresolver
         domains:
-          - main: "example.org"
+          - main: "example.com"
             sans:
               - "*.example.org"
 ```
@@ -86,6 +86,6 @@ http:
     [http.routers.blog.tls]
       certResolver = "myresolver" # From static configuration
       [[http.routers.blog.tls.domains]]
-        main = "example.org"
+        main = "example.com"
         sans = ["*.example.org"]
 ```

docs/content/includes/traefik-for-business-applications.md

@@ -1,14 +1,10 @@
 ---
 
-!!! question "Using Traefik for Business Applications?"
+!!! question "Using Traefik OSS in Production? Consider Adding Advanced Capabilities."
 
-    If you are using Traefik in your organization, consider our enterprise-grade solutions:
+    Add API Gateway or API Management capabilities seamlessly to your existing Traefik deployments. 
+    No rip and replace. No learning curve.
 
-    - API Management  
-      [Explore](https://traefik.io/solutions/api-management/) // [Watch Demo Video](https://info.traefik.io/watch-traefik-hub-demo)
-    - API Gateway  
-      [Explore](https://traefik.io/solutions/api-gateway/) // [Watch Demo Video](https://info.traefik.io/watch-traefikee-demo)
-    - Ingress Controller  
-      [Kubernetes](https://traefik.io/solutions/kubernetes-ingress/) // [Docker Swarm](https://traefik.io/solutions/docker-swarm-ingress/)
-
-    These tools help businesses discover, deploy, secure, and manage microservices and APIs easily, at scale, across any environment.
+    - [Explore our API Gateway](https://traefik.io/traefik-hub-api-gateway/)
+    - [Explore our API Management](https://traefik.io/traefik-hub/)
+    - [Get 24/7/365 Commercial Support for Traefik OSS](https://info.traefik.io/request-commercial-support)

docs/content/index.md

@@ -7,25 +7,29 @@ description: "Traefik Proxy, an open source Edge Router, auto-discovers configur
 
 ![Architecture](assets/img/traefik-architecture.png)
 
-Traefik is an [open-source](https://github.com/traefik/traefik) *Edge Router* that makes publishing your services a fun and easy experience. 
-It receives requests on behalf of your system and finds out which components are responsible for handling them. 
+Traefik is an [open-source](https://github.com/traefik/traefik) *Application Proxy* that makes publishing your services a fun and easy experience. 
+It receives requests on behalf of your system and identifies which components are responsible for handling them, and routes them securely. 
 
 What sets Traefik apart, besides its many features, is that it automatically discovers the right configuration for your services. 
 The magic happens when Traefik inspects your infrastructure, where it finds relevant information and discovers which service serves which request. 
 
-Traefik is natively compliant with every major cluster technology, such as Kubernetes, Docker, Docker Swarm, AWS, Mesos, Marathon, and [the list goes on](providers/overview.md); and can handle many at the same time. (It even works for legacy software running on bare metal.)
+Traefik is natively compliant with every major cluster technology, such as Kubernetes, Docker Swarm, AWS, Mesos, Marathon, and [the list goes on](providers/overview.md); and can handle many at the same time. (It even works for legacy software running on bare metal.)
  
 With Traefik, there is no need to maintain and synchronize a separate configuration file: everything happens automatically, in real time (no restarts, no connection interruptions).
-With Traefik, you spend time developing and deploying new features to your system, not on configuring and maintaining its working state.   
+With Traefik, you spend time developing and deploying new features to your system, not on configuring and maintaining its working state.
 
-Developing Traefik, our main goal is to make it simple to use, and we're sure you'll enjoy it.
+And if your needs change, you can add API gateway and API management capabilities seamlessly to your existing Traefik deployments. It takes less than a minute, there’s no rip-and-replace, and all your configurations are preserved. See how it works in this video:
+
+<div style="text-align: center;">
+    <iframe src="https://www.youtube.com/embed/zriUO5YPgFg?modestbranding=1&rel=0&controls=1" width="560" height="315" title="Upgrade Traefik Proxy to API Gateway and API Management in Seconds // Traefik Labs" frameborder="0" allowfullscreen></iframe>
+</div>
+
+Developing Traefik, our main goal is to make it effortless to use, and we're sure you'll enjoy it.
 
 -- The Traefik Maintainer Team 
 
 !!! info
 
-    Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the traefik community.
+    Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the Traefik community.
 
-    Using Traefik in your organization? Consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/ "Lino to Traefik Enterprise"), our unified API Gateway and Ingress that simplifies the discovery, security, and deployment of APIs and microservices across any environment.
-
-    See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo "Link to video walkthrough").
+    Using Traefik OSS in Production? Consider our enterprise-grade [API Gateway](https://traefik.io/traefik-hub-api-gateway/), [API Management](https://traefik.io/traefik-hub/), and [Commercial Support](https://info.traefik.io/request-commercial-support) solutions.

docs/content/middlewares/http/ipallowlist.md

@@ -0,0 +1,246 @@
+---
+title: "Traefik HTTP Middlewares IPAllowList"
+description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
+---
+
+# IPAllowList
+
+Limiting Clients to Specific IPs
+{: .subtitle }
+
+IPAllowList limits allowed requests based on the client IP.
+
+## Configuration Examples
+
+```yaml tab="Docker"
+# Accepts request from defined IP
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.1.7
+```
+
+```yaml tab="Consul Catalog"
+# Accepts request from defined IP
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
+}
+```
+
+```yaml tab="Rancher"
+# Accepts request from defined IP
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="File (YAML)"
+# Accepts request from defined IP
+http:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.1.7"
+```
+
+```toml tab="File (TOML)"
+# Accepts request from defined IP
+[http.middlewares]
+  [http.middlewares.test-ipallowlist.ipAllowList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.7"]
+```
+
+## Configuration Options
+
+### `sourceRange`
+
+_Required_
+
+The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
+
+### `ipStrategy`
+
+The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`.  
+If no strategy is set, the default behavior is to match `sourceRange` against the Remote address found in the request.
+
+!!! important "As a middleware, whitelisting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through whitelisting. Therefore, during whitelisting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be matched against `sourceRange`."
+
+#### `ipStrategy.depth`
+
+The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
+
+- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
+- `depth` is ignored if its value is less than or equal to 0.
+
+!!! example "Examples of Depth & X-Forwarded-For"
+
+    If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
+
+    | `X-Forwarded-For`                       | `depth` | clientIP     |
+    |-----------------------------------------|---------|--------------|
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1`     | `"13.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
+
+```yaml tab="Docker"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
+```
+
+```yaml tab="Kubernetes"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.1.7
+    ipStrategy:
+      depth: 2
+```
+
+```yaml tab="Consul Catalog"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
+}
+```
+
+```yaml tab="Rancher"
+# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
+```
+
+```yaml tab="File (YAML)"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+http:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.1.7"
+        ipStrategy:
+          depth: 2
+```
+
+```toml tab="File (TOML)"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+[http.middlewares]
+  [http.middlewares.test-ipallowlist.ipAllowList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.7"]
+    [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
+      depth = 2
+```
+
+#### `ipStrategy.excludedIPs`
+
+`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
+
+!!! important "If `depth` is specified, `excludedIPs` is ignored."
+
+!!! example "Example of ExcludedIPs & X-Forwarded-For"
+
+    | `X-Forwarded-For`                       | `excludedIPs`         | clientIP     |
+    |-----------------------------------------|-----------------------|--------------|
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1"`                   | `"10.0.0.1,11.0.0.1"` | `""`         |
+
+```yaml tab="Docker"
+# Exclude from `X-Forwarded-For`
+labels:
+    - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
+    - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="Kubernetes"
+# Exclude from `X-Forwarded-For`
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.1.0/24
+    ipStrategy:
+      excludedIPs:
+        - 127.0.0.1/32
+        - 192.168.1.7
+```
+
+```yaml tab="Consul Catalog"
+# Exclude from `X-Forwarded-For`
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
+}
+```
+
+```yaml tab="Rancher"
+# Exclude from `X-Forwarded-For`
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="File (YAML)"
+# Exclude from `X-Forwarded-For`
+http:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        sourceRange:
+         - 127.0.0.1/32
+         - 192.168.1.0/24
+        ipStrategy:
+          excludedIPs:
+            - 127.0.0.1/32
+            - 192.168.1.7
+```
+
+```toml tab="File (TOML)"
+# Exclude from `X-Forwarded-For`
+[http.middlewares]
+  [http.middlewares.test-ipallowlist.ipAllowList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
+    [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
+      excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
+```

docs/content/middlewares/http/ipwhitelist.md

@@ -8,9 +8,13 @@ description: "Learn how to use IPWhiteList in HTTP middleware for limiting clien
 Limiting Clients to Specific IPs
 {: .subtitle }
 
-![IpWhiteList](../../assets/img/middleware/ipwhitelist.png)
+![IPWhiteList](../../assets/img/middleware/ipwhitelist.png)
 
-IPWhitelist accepts / refuses requests based on the client IP.
+IPWhiteList limits allowed requests based on the client IP.
+
+!!! warning
+
+    This middleware is deprecated, please use the [IPAllowList](./ipallowlist.md) middleware instead.
 
 ## Configuration Examples
 
@@ -71,6 +75,8 @@ http:
 
 ### `sourceRange`
 
+_Required_
+
 The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
 
 ### `ipStrategy`
@@ -180,6 +186,7 @@ http:
 ```yaml tab="Docker"
 # Exclude from `X-Forwarded-For`
 labels:
+    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
     - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 
@@ -192,6 +199,9 @@ metadata:
 spec:
   ipWhiteList:
     ipStrategy:
+      sourceRange:
+        - 127.0.0.1/32
+        - 192.168.1.0/24
       excludedIPs:
         - 127.0.0.1/32
         - 192.168.1.7
@@ -199,11 +209,13 @@ spec:
 
 ```yaml tab="Consul Catalog"
 # Exclude from `X-Forwarded-For`
+- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
 - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 
 ```json tab="Marathon"
 "labels": {
+  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
   "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
 }
 ```
@@ -211,6 +223,7 @@ spec:
 ```yaml tab="Rancher"
 # Exclude from `X-Forwarded-For`
 labels:
+  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
   - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 
@@ -220,16 +233,20 @@ http:
   middlewares:
     test-ipwhitelist:
       ipWhiteList:
+        sourceRange:
+          - 127.0.0.1/32
+          - 192.168.1.0/24
         ipStrategy:
           excludedIPs:
-            - "127.0.0.1/32"
-            - "192.168.1.7"
+            - 127.0.0.1/32
+            - 192.168.1.7
 ```
 
 ```toml tab="File (TOML)"
 # Exclude from `X-Forwarded-For`
 [http.middlewares]
   [http.middlewares.test-ipwhitelist.ipWhiteList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
     [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
       excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
 ```

docs/content/middlewares/http/ratelimit.md

@@ -16,15 +16,15 @@ It is based on a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) impl
 
 ```yaml tab="Docker"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 labels:
   - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
-  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
+  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=200"
 ```
 
 ```yaml tab="Kubernetes"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
@@ -32,12 +32,12 @@ metadata:
 spec:
   rateLimit:
     average: 100
-    burst: 50
+    burst: 200
 ```
 
 ```yaml tab="Consul Catalog"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
 - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
 ```
@@ -45,36 +45,36 @@ spec:
 ```json tab="Marathon"
 "labels": {
   "traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
-  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "50"
+  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "200"
 }
 ```
 
 ```yaml tab="Rancher"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 labels:
   - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
-  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
+  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=200"
 ```
 
 ```yaml tab="File (YAML)"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 http:
   middlewares:
     test-ratelimit:
       rateLimit:
         average: 100
-        burst: 50
+        burst: 200
 ```
 
 ```toml tab="File (TOML)"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 [http.middlewares]
   [http.middlewares.test-ratelimit.rateLimit]
     average = 100
-    burst = 50
+    burst = 200
 ```
 
 ## Configuration Options
@@ -432,6 +432,8 @@ http:
 
 Name of the header used to group incoming requests.
 
+!!! important "If the header is not present, rate limiting will still be applied, but all requests without the specified header will be grouped together."
+
 ```yaml tab="Docker"
 labels:
   - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"

docs/content/middlewares/tcp/ipallowlist.md

@@ -0,0 +1,60 @@
+---
+title: "Traefik TCP Middlewares IPAllowList"
+description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
+---
+
+# IPAllowList
+
+Limiting Clients to Specific IPs
+{: .subtitle }
+
+IPAllowList limits allowed requests based on the client IP.
+
+## Configuration Examples
+
+```yaml tab="Docker & Swarm"
+# Accepts connections from defined IP
+labels:
+  - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.io/v1alpha1
+kind: MiddlewareTCP
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.1.7
+```
+
+```yaml tab="Consul Catalog"
+# Accepts request from defined IP
+- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```toml tab="File (TOML)"
+# Accepts request from defined IP
+[tcp.middlewares]
+  [tcp.middlewares.test-ipallowlist.ipAllowList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.7"]
+```
+
+```yaml tab="File (YAML)"
+# Accepts request from defined IP
+tcp:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.1.7"
+```
+
+## Configuration Options
+
+### `sourceRange`
+
+The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).

docs/content/middlewares/tcp/ipwhitelist.md

@@ -8,7 +8,11 @@ description: "Learn how to use IPWhiteList in TCP middleware for limiting client
 Limiting Clients to Specific IPs
 {: .subtitle }
 
-IPWhitelist accepts / refuses connections based on the client IP.
+IPWhiteList accepts / refuses connections based on the client IP.
+
+!!! warning
+
+    This middleware is deprecated, please use the [IPAllowList](./ipallowlist.md) middleware instead.
 
 ## Configuration Examples
 

docs/content/migration/v1-to-v2.md

@@ -354,7 +354,7 @@ To apply a redirection:
     ```
 
     ```bash tab="CLI"
-    --entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
+    --entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
     --entryPoints='Name:websecure Address::443 TLS'
     ```
 
@@ -394,10 +394,10 @@ To apply a redirection:
     ```bash tab="CLI"
     ## static configuration
 
-    --entrypoints.web.address=:80
-    --entrypoints.web.http.redirections.entrypoint.to=websecure
-    --entrypoints.web.http.redirections.entrypoint.scheme=https
-    --entrypoints.websecure.address=:443
+    --entryPoints.web.address=:80
+    --entryPoints.web.http.redirections.entrypoint.to=websecure
+    --entryPoints.web.http.redirections.entrypoint.scheme=https
+    --entryPoints.websecure.address=:443
     --providers.docker=true
     ```
 
@@ -750,8 +750,8 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
     ```
 
     ```bash tab="CLI"
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
     --certificatesresolvers.myresolver.acme.email=your-email@example.com
     --certificatesresolvers.myresolver.acme.storage=acme.json
     --certificatesresolvers.myresolver.acme.tlschallenge=true
@@ -1078,7 +1078,7 @@ To activate the dashboard, you can either:
       routers:
         api:
           rule: Host(`traefik.docker.localhost`)
-          entrypoints:
+          entryPoints:
             - websecure
           service: api@internal
           middlewares:

docs/content/migration/v2.md

@@ -510,7 +510,7 @@ In `v2.10`, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, a
 As the Kubernetes CRD provider still works with both API Versions (`traefik.io/v1alpha1` and `traefik.containo.us/v1alpha1`),
 it means that for the same kind, namespace and name, the provider will only keep the `traefik.io/v1alpha1` resource.
 
-In addition, the Kubernetes CRDs API Version `traefik.io/v1alpha1` will not be supported in Traefik v3 itself.
+In addition, the Kubernetes CRDs API Version `traefik.containo.us/v1alpha1` will not be supported in Traefik v3 itself.
 
 Please note that it is a requirement to update the CRDs and the RBAC in the cluster before upgrading Traefik.
 To do so, please apply the required [CRDs](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml) and [RBAC](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml) manifests for v2.10:
@@ -523,3 +523,117 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/co
 ### Traefik Hub
 
 In `v2.10`, Traefik Hub configuration has been removed because Traefik Hub v2 doesn't require this configuration.
+
+## v2.11
+
+### IPWhiteList (HTTP)
+
+In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/http/ipallowlist.md) middleware instead.
+
+### IPWhiteList (TCP)
+
+In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead.
+
+### TLS CipherSuites
+
+> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
+> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting.
+> (https://go.dev/doc/go1.22#crypto/tls)
+
+The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin).
+Decision has been made to support ECDHE cipher suites only by default.
+
+The following ciphers have been removed from the default list:
+
+- `TLS_RSA_WITH_AES_128_CBC_SHA`
+- `TLS_RSA_WITH_AES_256_CBC_SHA`
+- `TLS_RSA_WITH_AES_128_GCM_SHA256`
+- `TLS_RSA_WITH_AES_256_GCM_SHA384`
+
+To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`.
+
+### Minimum TLS Version
+
+> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion,
+> matching the behavior of crypto/tls clients.
+> This change can be reverted with the `tls10server=1 GODEBUG` setting.
+> (https://go.dev/doc/go1.22#crypto/tls)
+
+To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.
+
+## v2.11.1
+
+### Maximum Router Priority Value
+
+Before v2.11.1, the maximum user-defined router priority value is:
+
+- `MaxInt32` for 32-bit platforms,
+- `MaxInt64` for 64-bit platforms.
+
+Please check out the [go documentation](https://pkg.go.dev/math#pkg-constants) for more information.
+
+In v2.11.1, Traefik reserves a range of priorities for its internal routers and now, 
+the maximum user-defined router priority value is:
+
+- `(MaxInt32 - 1000)` for 32-bit platforms,
+- `(MaxInt64 - 1000)` for 64-bit platforms.
+
+### EntryPoint.Transport.RespondingTimeouts.<Timeout>
+
+Starting with `v2.11.1` the following timeout options are deprecated:
+
+- `<entryPoint>.transport.respondingTimeouts.readTimeout`
+- `<entryPoint>.transport.respondingTimeouts.writeTimeout`
+- `<entryPoint>.transport.respondingTimeouts.idleTimeout`
+
+They have been replaced by:
+
+- `<entryPoint>.transport.respondingTimeouts.http.readTimeout`
+- `<entryPoint>.transport.respondingTimeouts.http.writeTimeout`
+- `<entryPoint>.transport.respondingTimeouts.http.idleTimeout`
+
+### EntryPoint.Transport.RespondingTimeouts.TCP.LingeringTimeout
+
+Starting with `v2.11.1` a new `lingeringTimeout` entryPoints option has been introduced, with a default value of 2s.
+
+The lingering timeout defines the maximum duration between each TCP read operation on the connection.
+As a layer 4 timeout, it applies during HTTP handling but respects the configured HTTP server `readTimeout`.
+
+This change avoids Traefik instances with the default configuration hanging while waiting for bytes to be read on the connection.
+
+We suggest to adapt this value accordingly to your situation.
+The new default value is purposely narrowed and can close the connection too early.
+
+Increasing the `lingeringTimeout` value could be the solution notably if you are dealing with the following errors:
+
+- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
+- HTTP: `'499 Client Closed Request' caused by: context canceled`
+- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
+
+## v2.11.2
+
+### LingeringTimeout
+
+Starting with `v2.11.2` the `<entrypoint>.transport.respondingTimeouts.tcp.lingeringTimeout` introduced in `v2.11.1` has been removed.
+
+### RespondingTimeouts.TCP and RespondingTimeouts.HTTP
+
+Starting with `v2.11.2` the `respondingTimeouts.tcp` and `respondingTimeouts.http` sections introduced in `v2.11.1` have been removed.
+To configure the responding timeouts, please use the [`respondingTimeouts`](../routing/entrypoints.md#respondingtimeouts) section.  
+
+### EntryPoint.Transport.RespondingTimeouts.ReadTimeout
+
+Starting with `v2.11.2` the entryPoints [`readTimeout`](../routing/entrypoints.md#respondingtimeouts) option default value changed to 60 seconds.
+
+For HTTP, this option defines the maximum duration for reading the entire request, including the body.
+For TCP, this option defines the maximum duration for the first bytes to be read on the connection.
+
+The default value was previously set to zero, which means no timeout.
+
+This change has been done to avoid Traefik instances with the default configuration to be hanging forever while waiting for bytes to be read on the connection.
+
+Increasing the `readTimeout` value could be the solution notably if you are dealing with the following errors:
+
+- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
+- HTTP: `'499 Client Closed Request' caused by: context canceled`
+- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`

docs/content/observability/access-logs.md

@@ -254,7 +254,7 @@ version: "3.7"
 
 services:
   traefik:
-    image: traefik:v2.10
+    image: traefik:v2.11
     environment:
       - TZ=US/Alaska
     command:

docs/content/observability/metrics/prometheus.md

@@ -235,4 +235,4 @@ traefik_entrypoint_requests_total{code="200",entrypoint="web",method="GET",proto
     // For incoming requests, the Host header is promoted to the
     // Request.Host field and removed from the Header map.
 
-    As a workaround, to obtain the Host of a request as a label, one should use instead the `X-Forwarded-For` header.
+    As a workaround, to obtain the Host of a request as a label, one should use instead the `X-Forwarded-Host` header.

docs/content/observability/metrics/statsd.md

@@ -69,7 +69,7 @@ metrics:
 
 _Optional, Default=false_
 
-Enable metrics on entry points.
+Enable metrics on routers.
 
 ```yaml tab="File (YAML)"
 metrics:

docs/content/operations/api.md

@@ -16,13 +16,9 @@ including sensitive data.
 
 In production, it should be at least secured by authentication and authorizations.
 
-A good sane default (non exhaustive) set of recommendations
-would be to apply the following protection mechanisms:
-
-* At the transport level:
-  NOT publicly exposing the API's port,
-  keeping it restricted to internal networks
-  (as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
+!!! info
+    It's recommended to NOT publicly exposing the API's port, keeping it restricted to internal networks
+    (as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
 
 ## Configuration
 

docs/content/operations/dashboard.md

@@ -71,11 +71,11 @@ with a router attached to the service `api@internal` in the
 to allow defining:
 
 - One or more security features through [middlewares](../middlewares/overview.md)
-  like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
+  like authentication ([basicAuth](../middlewares/http/basicauth.md), [digestAuth](../middlewares/http/digestauth.md),
   [forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md).
 
 - A [router rule](#dashboard-router-rule) for accessing the dashboard,
-  through Traefik itself (sometimes referred as "Traefik-ception").
+  through Traefik itself (sometimes referred to as "Traefik-ception").
 
 ### Dashboard Router Rule
 
@@ -83,7 +83,7 @@ As underlined in the [documentation for the `api.dashboard` option](./api.md#das
 the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
 the path prefixes `/api` and `/dashboard`.
 
-We recommend to use a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
+We recommend using a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
 or to make sure that the defined rule captures both prefixes:
 
 ```bash tab="Host Rule"

docs/content/operations/ping.md

@@ -33,7 +33,7 @@ whose default value is `traefik` (port `8080`).
 
 | Path    | Method        | Description                                                                                         |
 |---------|---------------|-----------------------------------------------------------------------------------------------------|
-| `/ping` | `GET`, `HEAD` | A simple endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
+| `/ping` | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
 
 !!! note
     The `cli` comes with a [`healthcheck`](./cli.md#healthcheck) command which can be used for calling this endpoint.
@@ -92,10 +92,11 @@ ping:
 _Optional, Default=503_
 
 During the period in which Traefik is gracefully shutting down, the ping handler
-returns a 503 status code by default. If Traefik is behind e.g. a load-balancer
+returns a `503` status code by default.  
+If Traefik is behind, for example a load-balancer
 doing health checks (such as the Kubernetes LivenessProbe), another code might
-be expected as the signal for graceful termination. In which case, the
-terminatingStatusCode can be used to set the code returned by the ping
+be expected as the signal for graceful termination.  
+In that case, the terminatingStatusCode can be used to set the code returned by the ping
 handler during termination.
 
 ```yaml tab="File (YAML)"

docs/content/providers/docker.md

@@ -21,7 +21,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
 
 ## Configuration Examples
 
-??? example "Configuring Docker & Deploying / Exposing Services"
+??? example "Configuring Docker & Deploying / Exposing one Service"
 
     Enabling the docker provider
 
@@ -49,7 +49,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
           - traefik.http.routers.my-container.rule=Host(`example.com`)
     ```
 
-??? example "Configuring Docker Swarm & Deploying / Exposing Services"
+??? example "Configuring Docker Swarm & Deploying / Exposing one Service"
 
     Enabling the docker provider (Swarm Mode)
 
@@ -80,7 +80,9 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
     --providers.docker.swarmMode=true
     ```
 
-    Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
+    Attach labels to a single service (not containers) while in Swarm mode (in your Docker compose file).
+    When there is only one service, and the router does not specify a service,
+    then that service is automatically assigned to the router.
 
     ```yaml
     version: "3"
@@ -117,12 +119,14 @@ When using Docker Compose, labels are specified by the directive
 
 Traefik retrieves the private IP and port of containers from the Docker API.
 
-Port detection works as follows:
+Port detection for private communication works as follows:
 
 - If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) a single port,
-  then Traefik uses this port for private communication.
+  then Traefik uses this port.
 - If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) multiple ports,
-  or does not expose any port, then you must manually specify which port Traefik should use for communication
+  then Traefik uses the lowest port.  E.g. if `80` and `8080` are exposed, Traefik will use `80`.
+- If a container does not expose any port, or the selection from multiple ports does not fit,
+  then you must manually specify which port Traefik should use for communication
   by using the label `traefik.http.services.<service_name>.loadbalancer.server.port`
   (Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#port)).
 
@@ -267,7 +271,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
 
     services:
       traefik:
-         image: traefik:v2.10 # The official v2 Traefik docker image
+         image: traefik:v2.11 # The official v2 Traefik docker image
          ports:
            - "80:80"
          volumes:
@@ -296,9 +300,9 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
 
 ??? example "Using SSH"
 
-    Using Docker 18.09+ you can connect Traefik to daemon using SSH
+    Using Docker 18.09+ you can connect Traefik to daemon using SSH.
     We specify the SSH host and user in Traefik's configuration file.
-    Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik.
+    Note that if the server requires public keys for authentication, you must have them accessible for the user running Traefik.
 
     ```yaml tab="File (YAML)"
     providers:
@@ -738,7 +742,7 @@ providers:
 _Optional, Default=false_
 
 If the parameter is set to `true`,
-any [servers load balancer](../routing/services/index.md#servers-load-balancer) defined for Docker containers is created 
+any [servers load balancer](../routing/services/index.md#servers-load-balancer) defined for Docker containers is created
 regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers.
 It also then stays alive and responsive even at times when it becomes empty,
 i.e. when all its children containers become unhealthy.

docs/content/providers/kubernetes-crd.md

@@ -35,10 +35,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
 
     ```bash
     # Install Traefik Resource Definitions:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
     
     # Install RBAC for Traefik:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
     ```
 
 ## Resource Configuration

docs/content/providers/kubernetes-ingress.md

@@ -502,6 +502,6 @@ providers:
 ### Further
 
 To learn more about the various aspects of the Ingress specification that Traefik supports,
-many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.10/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.11/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
 
 {!traefik-for-business-applications.md!}

docs/content/providers/nomad.md

@@ -163,6 +163,7 @@ providers:
 _Optional, Default=""_
 
 Token is used to provide a per-request ACL token, if Nomad ACLs are enabled.
+The appropriate ACL privilege for this token is 'read-job', as outlined in the [Nomad documentation on ACL](https://developer.hashicorp.com/nomad/tutorials/access-control/access-control-policies).
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/redis.md

@@ -229,3 +229,166 @@ providers:
 ```bash tab="CLI"
 --providers.redis.tls.insecureSkipVerify=true
 ```
+
+### `sentinel`
+
+_Optional_
+
+Defines the Sentinel configuration used to interact with Redis Sentinel.
+
+#### `masterName`
+
+_Required_
+
+`masterName` is the name of the Sentinel master.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      masterName: my-master
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+  masterName = "my-master"
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.masterName=my-master
+```
+
+#### `username`
+
+_Optional_
+
+`username` is the username for Sentinel authentication.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      username: user
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+  username = "user"
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.username=user
+```
+
+#### `password`
+
+_Optional_
+
+`password` is the password for Sentinel authentication.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      password: password
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+  password = "password"
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.password=password
+```
+
+#### `latencyStrategy`
+
+_Optional, Default=false_
+
+`latencyStrategy` defines whether to route commands to the closest master or replica nodes 
+(mutually exclusive with RandomStrategy and ReplicaStrategy).
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      latencyStrategy: true
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+latencyStrategy = true
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.latencyStrategy=true
+```
+
+#### `randomStrategy`
+
+_Optional, Default=false_
+
+`randomStrategy` defines whether to route commands randomly to master or replica nodes 
+(mutually exclusive with LatencyStrategy and ReplicaStrategy).
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      randomStrategy: true
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+randomStrategy = true
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.randomStrategy=true
+```
+
+#### `replicaStrategy`
+
+_Optional, Default=false_
+
+`replicaStrategy` Defines whether to route all commands to replica nodes 
+(mutually exclusive with LatencyStrategy and RandomStrategy).
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      replicaStrategy: true
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+replicaStrategy = true
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.replicaStrategy=true
+```
+
+#### `useDisconnectedReplicas`
+
+_Optional, Default=false_
+
+`useDisconnectedReplicas` defines whether to use replicas disconnected with master when cannot get connected replicas.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      useDisconnectedReplicas: true
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+useDisconnectedReplicas = true
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.useDisconnectedReplicas=true
+```

docs/content/reference/dynamic-configuration/docker-labels.yml

@@ -1,126 +1,136 @@
-- "traefik.http.middlewares.middleware00.addprefix.prefix=foobar"
-- "traefik.http.middlewares.middleware01.basicauth.headerfield=foobar"
-- "traefik.http.middlewares.middleware01.basicauth.realm=foobar"
-- "traefik.http.middlewares.middleware01.basicauth.removeheader=true"
-- "traefik.http.middlewares.middleware01.basicauth.users=foobar, foobar"
-- "traefik.http.middlewares.middleware01.basicauth.usersfile=foobar"
-- "traefik.http.middlewares.middleware02.buffering.maxrequestbodybytes=42"
-- "traefik.http.middlewares.middleware02.buffering.maxresponsebodybytes=42"
-- "traefik.http.middlewares.middleware02.buffering.memrequestbodybytes=42"
-- "traefik.http.middlewares.middleware02.buffering.memresponsebodybytes=42"
-- "traefik.http.middlewares.middleware02.buffering.retryexpression=foobar"
-- "traefik.http.middlewares.middleware03.chain.middlewares=foobar, foobar"
-- "traefik.http.middlewares.middleware04.circuitbreaker.expression=foobar"
-- "traefik.http.middlewares.middleware04.circuitbreaker.checkperiod=42s"
-- "traefik.http.middlewares.middleware04.circuitbreaker.fallbackduration=42s"
-- "traefik.http.middlewares.middleware04.circuitbreaker.recoveryduration=42s"
-- "traefik.http.middlewares.middleware05.compress=true"
-- "traefik.http.middlewares.middleware05.compress.excludedcontenttypes=foobar, foobar"
-- "traefik.http.middlewares.middleware05.compress.minresponsebodybytes=42"
-- "traefik.http.middlewares.middleware06.contenttype.autodetect=true"
-- "traefik.http.middlewares.middleware07.digestauth.headerfield=foobar"
-- "traefik.http.middlewares.middleware07.digestauth.realm=foobar"
-- "traefik.http.middlewares.middleware07.digestauth.removeheader=true"
-- "traefik.http.middlewares.middleware07.digestauth.users=foobar, foobar"
-- "traefik.http.middlewares.middleware07.digestauth.usersfile=foobar"
-- "traefik.http.middlewares.middleware08.errors.query=foobar"
-- "traefik.http.middlewares.middleware08.errors.service=foobar"
-- "traefik.http.middlewares.middleware08.errors.status=foobar, foobar"
-- "traefik.http.middlewares.middleware09.forwardauth.address=foobar"
-- "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders=foobar, foobar"
-- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
-- "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
-- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
-- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
-- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
-- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
-- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
-- "traefik.http.middlewares.middleware09.forwardauth.trustforwardheader=true"
-- "traefik.http.middlewares.middleware10.headers.accesscontrolallowcredentials=true"
-- "traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders=foobar, foobar"
-- "traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods=foobar, foobar"
-- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlist=foobar, foobar"
-- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlistregex=foobar, foobar"
-- "traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders=foobar, foobar"
-- "traefik.http.middlewares.middleware10.headers.accesscontrolmaxage=42"
-- "traefik.http.middlewares.middleware10.headers.addvaryheader=true"
-- "traefik.http.middlewares.middleware10.headers.allowedhosts=foobar, foobar"
-- "traefik.http.middlewares.middleware10.headers.browserxssfilter=true"
-- "traefik.http.middlewares.middleware10.headers.contentsecuritypolicy=foobar"
-- "traefik.http.middlewares.middleware10.headers.contenttypenosniff=true"
-- "traefik.http.middlewares.middleware10.headers.custombrowserxssvalue=foobar"
-- "traefik.http.middlewares.middleware10.headers.customframeoptionsvalue=foobar"
-- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name0=foobar"
-- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
-- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
-- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
-- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar"
-- "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
-- "traefik.http.middlewares.middleware10.headers.framedeny=true"
-- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
-- "traefik.http.middlewares.middleware10.headers.isdevelopment=true"
-- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar"
-- "traefik.http.middlewares.middleware10.headers.publickey=foobar"
-- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
-- "traefik.http.middlewares.middleware10.headers.sslforcehost=true"
-- "traefik.http.middlewares.middleware10.headers.sslhost=foobar"
-- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
-- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
-- "traefik.http.middlewares.middleware10.headers.sslredirect=true"
-- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true"
-- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
-- "traefik.http.middlewares.middleware10.headers.stspreload=true"
-- "traefik.http.middlewares.middleware10.headers.stsseconds=42"
-- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42"
-- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
-- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar"
-- "traefik.http.middlewares.middleware12.inflightreq.amount=42"
-- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
-- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
-- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requestheadername=foobar"
-- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requesthost=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.commonname=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.country=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.domaincomponent=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.locality=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.organization=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.province=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.serialnumber=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.sans=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.serialnumber=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.locality=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organization=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organizationalunit=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.pem=true"
-- "traefik.http.middlewares.middleware14.plugin.foobar.foo=bar"
-- "traefik.http.middlewares.middleware15.ratelimit.average=42"
-- "traefik.http.middlewares.middleware15.ratelimit.burst=42"
-- "traefik.http.middlewares.middleware15.ratelimit.period=42"
-- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth=42"
-- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
-- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername=foobar"
-- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost=true"
-- "traefik.http.middlewares.middleware16.redirectregex.permanent=true"
-- "traefik.http.middlewares.middleware16.redirectregex.regex=foobar"
-- "traefik.http.middlewares.middleware16.redirectregex.replacement=foobar"
-- "traefik.http.middlewares.middleware17.redirectscheme.permanent=true"
-- "traefik.http.middlewares.middleware17.redirectscheme.port=foobar"
-- "traefik.http.middlewares.middleware17.redirectscheme.scheme=foobar"
-- "traefik.http.middlewares.middleware18.replacepath.path=foobar"
-- "traefik.http.middlewares.middleware19.replacepathregex.regex=foobar"
-- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
-- "traefik.http.middlewares.middleware20.retry.attempts=42"
-- "traefik.http.middlewares.middleware20.retry.initialinterval=42"
-- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
-- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
-- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
+## CODE GENERATED AUTOMATICALLY
+## THIS FILE MUST NOT BE EDITED BY HAND
+- "traefik.http.middlewares.middleware01.addprefix.prefix=foobar"
+- "traefik.http.middlewares.middleware02.basicauth.headerfield=foobar"
+- "traefik.http.middlewares.middleware02.basicauth.realm=foobar"
+- "traefik.http.middlewares.middleware02.basicauth.removeheader=true"
+- "traefik.http.middlewares.middleware02.basicauth.users=foobar, foobar"
+- "traefik.http.middlewares.middleware02.basicauth.usersfile=foobar"
+- "traefik.http.middlewares.middleware03.buffering.maxrequestbodybytes=42"
+- "traefik.http.middlewares.middleware03.buffering.maxresponsebodybytes=42"
+- "traefik.http.middlewares.middleware03.buffering.memrequestbodybytes=42"
+- "traefik.http.middlewares.middleware03.buffering.memresponsebodybytes=42"
+- "traefik.http.middlewares.middleware03.buffering.retryexpression=foobar"
+- "traefik.http.middlewares.middleware04.chain.middlewares=foobar, foobar"
+- "traefik.http.middlewares.middleware05.circuitbreaker.checkperiod=42s"
+- "traefik.http.middlewares.middleware05.circuitbreaker.expression=foobar"
+- "traefik.http.middlewares.middleware05.circuitbreaker.fallbackduration=42s"
+- "traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration=42s"
+- "traefik.http.middlewares.middleware06.compress=true"
+- "traefik.http.middlewares.middleware06.compress.excludedcontenttypes=foobar, foobar"
+- "traefik.http.middlewares.middleware06.compress.minresponsebodybytes=42"
+- "traefik.http.middlewares.middleware07.contenttype.autodetect=true"
+- "traefik.http.middlewares.middleware08.digestauth.headerfield=foobar"
+- "traefik.http.middlewares.middleware08.digestauth.realm=foobar"
+- "traefik.http.middlewares.middleware08.digestauth.removeheader=true"
+- "traefik.http.middlewares.middleware08.digestauth.users=foobar, foobar"
+- "traefik.http.middlewares.middleware08.digestauth.usersfile=foobar"
+- "traefik.http.middlewares.middleware09.errors.query=foobar"
+- "traefik.http.middlewares.middleware09.errors.service=foobar"
+- "traefik.http.middlewares.middleware09.errors.status=foobar, foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.address=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.authrequestheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.authresponseheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.ca=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.caoptional=true"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.cert=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.insecureskipverify=true"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.key=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.trustforwardheader=true"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolallowcredentials=true"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolallowheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolallowmethods=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlist=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlistregex=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolexposeheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolmaxage=42"
+- "traefik.http.middlewares.middleware11.headers.addvaryheader=true"
+- "traefik.http.middlewares.middleware11.headers.allowedhosts=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.browserxssfilter=true"
+- "traefik.http.middlewares.middleware11.headers.contentsecuritypolicy=foobar"
+- "traefik.http.middlewares.middleware11.headers.contenttypenosniff=true"
+- "traefik.http.middlewares.middleware11.headers.custombrowserxssvalue=foobar"
+- "traefik.http.middlewares.middleware11.headers.customframeoptionsvalue=foobar"
+- "traefik.http.middlewares.middleware11.headers.customrequestheaders.name0=foobar"
+- "traefik.http.middlewares.middleware11.headers.customrequestheaders.name1=foobar"
+- "traefik.http.middlewares.middleware11.headers.customresponseheaders.name0=foobar"
+- "traefik.http.middlewares.middleware11.headers.customresponseheaders.name1=foobar"
+- "traefik.http.middlewares.middleware11.headers.featurepolicy=foobar"
+- "traefik.http.middlewares.middleware11.headers.forcestsheader=true"
+- "traefik.http.middlewares.middleware11.headers.framedeny=true"
+- "traefik.http.middlewares.middleware11.headers.hostsproxyheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.isdevelopment=true"
+- "traefik.http.middlewares.middleware11.headers.permissionspolicy=foobar"
+- "traefik.http.middlewares.middleware11.headers.publickey=foobar"
+- "traefik.http.middlewares.middleware11.headers.referrerpolicy=foobar"
+- "traefik.http.middlewares.middleware11.headers.sslforcehost=true"
+- "traefik.http.middlewares.middleware11.headers.sslhost=foobar"
+- "traefik.http.middlewares.middleware11.headers.sslproxyheaders.name0=foobar"
+- "traefik.http.middlewares.middleware11.headers.sslproxyheaders.name1=foobar"
+- "traefik.http.middlewares.middleware11.headers.sslredirect=true"
+- "traefik.http.middlewares.middleware11.headers.ssltemporaryredirect=true"
+- "traefik.http.middlewares.middleware11.headers.stsincludesubdomains=true"
+- "traefik.http.middlewares.middleware11.headers.stspreload=true"
+- "traefik.http.middlewares.middleware11.headers.stsseconds=42"
+- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy=true"
+- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware12.ipallowlist.sourcerange=foobar, foobar"
+- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy=true"
+- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware13.ipwhitelist.sourcerange=foobar, foobar"
+- "traefik.http.middlewares.middleware14.inflightreq.amount=42"
+- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requestheadername=foobar"
+- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requesthost=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.commonname=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.country=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.domaincomponent=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.locality=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.organization=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.province=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.serialnumber=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.notafter=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.notbefore=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.sans=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.serialnumber=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.commonname=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.country=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.domaincomponent=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.locality=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organization=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organizationalunit=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.province=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.serialnumber=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.pem=true"
+- "traefik.http.middlewares.middleware16.plugin.pluginconf0.name0=foobar"
+- "traefik.http.middlewares.middleware16.plugin.pluginconf0.name1=foobar"
+- "traefik.http.middlewares.middleware16.plugin.pluginconf1.name0=foobar"
+- "traefik.http.middlewares.middleware16.plugin.pluginconf1.name1=foobar"
+- "traefik.http.middlewares.middleware17.ratelimit.average=42"
+- "traefik.http.middlewares.middleware17.ratelimit.burst=42"
+- "traefik.http.middlewares.middleware17.ratelimit.period=42s"
+- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requestheadername=foobar"
+- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requesthost=true"
+- "traefik.http.middlewares.middleware18.redirectregex.permanent=true"
+- "traefik.http.middlewares.middleware18.redirectregex.regex=foobar"
+- "traefik.http.middlewares.middleware18.redirectregex.replacement=foobar"
+- "traefik.http.middlewares.middleware19.redirectscheme.permanent=true"
+- "traefik.http.middlewares.middleware19.redirectscheme.port=foobar"
+- "traefik.http.middlewares.middleware19.redirectscheme.scheme=foobar"
+- "traefik.http.middlewares.middleware20.replacepath.path=foobar"
+- "traefik.http.middlewares.middleware21.replacepathregex.regex=foobar"
+- "traefik.http.middlewares.middleware21.replacepathregex.replacement=foobar"
+- "traefik.http.middlewares.middleware22.retry.attempts=42"
+- "traefik.http.middlewares.middleware22.retry.initialinterval=42s"
+- "traefik.http.middlewares.middleware23.stripprefix.forceslash=true"
+- "traefik.http.middlewares.middleware23.stripprefix.prefixes=foobar, foobar"
+- "traefik.http.middlewares.middleware24.stripprefixregex.regex=foobar, foobar"
 - "traefik.http.routers.router0.entrypoints=foobar, foobar"
 - "traefik.http.routers.router0.middlewares=foobar, foobar"
 - "traefik.http.routers.router0.priority=42"
@@ -145,32 +155,34 @@
 - "traefik.http.routers.router1.tls.domains[1].main=foobar"
 - "traefik.http.routers.router1.tls.domains[1].sans=foobar, foobar"
 - "traefik.http.routers.router1.tls.options=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.followredirects=true"
-- "traefik.http.services.service01.loadbalancer.healthcheck.headers.name0=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.headers.name1=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.hostname=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.interval=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.path=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.method=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.port=42"
-- "traefik.http.services.service01.loadbalancer.healthcheck.scheme=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.timeout=foobar"
-- "traefik.http.services.service01.loadbalancer.passhostheader=true"
-- "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval=foobar"
-- "traefik.http.services.service01.loadbalancer.serverstransport=foobar"
-- "traefik.http.services.service01.loadbalancer.sticky.cookie=true"
-- "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly=true"
-- "traefik.http.services.service01.loadbalancer.sticky.cookie.name=foobar"
-- "traefik.http.services.service01.loadbalancer.sticky.cookie.samesite=foobar"
-- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
-- "traefik.http.services.service01.loadbalancer.server.port=foobar"
-- "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
-- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar"
-- "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42"
+- "traefik.http.services.service02.loadbalancer.healthcheck.followredirects=true"
+- "traefik.http.services.service02.loadbalancer.healthcheck.headers.name0=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.headers.name1=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.hostname=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.interval=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.method=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.path=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.port=42"
+- "traefik.http.services.service02.loadbalancer.healthcheck.scheme=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.timeout=foobar"
+- "traefik.http.services.service02.loadbalancer.passhostheader=true"
+- "traefik.http.services.service02.loadbalancer.responseforwarding.flushinterval=foobar"
+- "traefik.http.services.service02.loadbalancer.serverstransport=foobar"
+- "traefik.http.services.service02.loadbalancer.sticky=true"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie=true"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie.httponly=true"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie.name=foobar"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie.samesite=foobar"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie.secure=true"
+- "traefik.http.services.service02.loadbalancer.server.port=foobar"
+- "traefik.http.services.service02.loadbalancer.server.scheme=foobar"
+- "traefik.tcp.middlewares.tcpmiddleware01.ipallowlist.sourcerange=foobar, foobar"
+- "traefik.tcp.middlewares.tcpmiddleware02.ipwhitelist.sourcerange=foobar, foobar"
+- "traefik.tcp.middlewares.tcpmiddleware03.inflightconn.amount=42"
 - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
 - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"
-- "traefik.tcp.routers.tcprouter0.rule=foobar"
 - "traefik.tcp.routers.tcprouter0.priority=42"
+- "traefik.tcp.routers.tcprouter0.rule=foobar"
 - "traefik.tcp.routers.tcprouter0.service=foobar"
 - "traefik.tcp.routers.tcprouter0.tls=true"
 - "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
@@ -182,8 +194,8 @@
 - "traefik.tcp.routers.tcprouter0.tls.passthrough=true"
 - "traefik.tcp.routers.tcprouter1.entrypoints=foobar, foobar"
 - "traefik.tcp.routers.tcprouter1.middlewares=foobar, foobar"
-- "traefik.tcp.routers.tcprouter1.rule=foobar"
 - "traefik.tcp.routers.tcprouter1.priority=42"
+- "traefik.tcp.routers.tcprouter1.rule=foobar"
 - "traefik.tcp.routers.tcprouter1.service=foobar"
 - "traefik.tcp.routers.tcprouter1.tls=true"
 - "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"
@@ -193,21 +205,18 @@
 - "traefik.tcp.routers.tcprouter1.tls.domains[1].sans=foobar, foobar"
 - "traefik.tcp.routers.tcprouter1.tls.options=foobar"
 - "traefik.tcp.routers.tcprouter1.tls.passthrough=true"
+- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol=true"
 - "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version=42"
 - "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42"
 - "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar"
+- "traefik.tls.stores.store0.defaultgeneratedcert.domain.main=foobar"
+- "traefik.tls.stores.store0.defaultgeneratedcert.domain.sans=foobar, foobar"
+- "traefik.tls.stores.store0.defaultgeneratedcert.resolver=foobar"
+- "traefik.tls.stores.store1.defaultgeneratedcert.domain.main=foobar"
+- "traefik.tls.stores.store1.defaultgeneratedcert.domain.sans=foobar, foobar"
+- "traefik.tls.stores.store1.defaultgeneratedcert.resolver=foobar"
 - "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar"
 - "traefik.udp.routers.udprouter0.service=foobar"
 - "traefik.udp.routers.udprouter1.entrypoints=foobar, foobar"
 - "traefik.udp.routers.udprouter1.service=foobar"
 - "traefik.udp.services.udpservice01.loadbalancer.server.port=foobar"
-- "traefik.tls.stores.Store0.defaultcertificate.certfile=foobar"
-- "traefik.tls.stores.Store0.defaultcertificate.keyfile=foobar"
-- "traefik.tls.stores.Store0.defaultgeneratedcert.domain.main=foobar"
-- "traefik.tls.stores.Store0.defaultgeneratedcert.domain.sans=foobar, foobar"
-- "traefik.tls.stores.Store0.defaultgeneratedcert.resolver=foobar"
-- "traefik.tls.stores.Store1.defaultcertificate.certfile=foobar"
-- "traefik.tls.stores.Store1.defaultcertificate.keyfile=foobar"
-- "traefik.tls.stores.Store1.defaultgeneratedcert.domain.main=foobar"
-- "traefik.tls.stores.Store1.defaultgeneratedcert.domain.sans=foobar, foobar"
-- "traefik.tls.stores.Store1.defaultgeneratedcert.resolver=foobar"

docs/content/reference/dynamic-configuration/file.toml

@@ -1,3 +1,5 @@
+## CODE GENERATED AUTOMATICALLY
+## THIS FILE MUST NOT BE EDITED BY HAND
 [http]
   [http.routers]
     [http.routers.Router0]
@@ -36,22 +38,27 @@
           sans = ["foobar", "foobar"]
   [http.services]
     [http.services.Service01]
-      [http.services.Service01.loadBalancer]
+      [http.services.Service01.failover]
+        service = "foobar"
+        fallback = "foobar"
+        [http.services.Service01.failover.healthCheck]
+    [http.services.Service02]
+      [http.services.Service02.loadBalancer]
         passHostHeader = true
         serversTransport = "foobar"
-        [http.services.Service01.loadBalancer.sticky]
-          [http.services.Service01.loadBalancer.sticky.cookie]
+        [http.services.Service02.loadBalancer.sticky]
+          [http.services.Service02.loadBalancer.sticky.cookie]
             name = "foobar"
             secure = true
             httpOnly = true
             sameSite = "foobar"
 
-        [[http.services.Service01.loadBalancer.servers]]
+        [[http.services.Service02.loadBalancer.servers]]
           url = "foobar"
 
-        [[http.services.Service01.loadBalancer.servers]]
+        [[http.services.Service02.loadBalancer.servers]]
           url = "foobar"
-        [http.services.Service01.loadBalancer.healthCheck]
+        [http.services.Service02.loadBalancer.healthCheck]
           scheme = "foobar"
           path = "foobar"
           method = "foobar"
@@ -60,109 +67,102 @@
           timeout = "foobar"
           hostname = "foobar"
           followRedirects = true
-          [http.services.Service01.loadBalancer.healthCheck.headers]
+          [http.services.Service02.loadBalancer.healthCheck.headers]
             name0 = "foobar"
             name1 = "foobar"
-        [http.services.Service01.loadBalancer.responseForwarding]
+        [http.services.Service02.loadBalancer.responseForwarding]
           flushInterval = "foobar"
-    [http.services.Service02]
-      [http.services.Service02.mirroring]
+    [http.services.Service03]
+      [http.services.Service03.mirroring]
         service = "foobar"
         maxBodySize = 42
 
-        [http.services.Service02.mirroring.healthCheck]
-
-        [[http.services.Service02.mirroring.mirrors]]
+        [[http.services.Service03.mirroring.mirrors]]
           name = "foobar"
           percent = 42
 
-        [[http.services.Service02.mirroring.mirrors]]
+        [[http.services.Service03.mirroring.mirrors]]
           name = "foobar"
           percent = 42
-    [http.services.Service03]
-      [http.services.Service03.weighted]
-        [http.services.Service03.weighted.healthCheck]
+        [http.services.Service03.mirroring.healthCheck]
+    [http.services.Service04]
+      [http.services.Service04.weighted]
 
-        [[http.services.Service03.weighted.services]]
+        [[http.services.Service04.weighted.services]]
           name = "foobar"
           weight = 42
 
-        [[http.services.Service03.weighted.services]]
+        [[http.services.Service04.weighted.services]]
           name = "foobar"
           weight = 42
-        [http.services.Service03.weighted.sticky]
-          [http.services.Service03.weighted.sticky.cookie]
+        [http.services.Service04.weighted.sticky]
+          [http.services.Service04.weighted.sticky.cookie]
             name = "foobar"
             secure = true
             httpOnly = true
             sameSite = "foobar"
-    [http.services.Service04]
-      [http.services.Service04.failover]
-        service = "foobar"
-        fallback = "foobar"
-
-      [http.services.Service04.failover.healthCheck]
+        [http.services.Service04.weighted.healthCheck]
   [http.middlewares]
-    [http.middlewares.Middleware00]
-      [http.middlewares.Middleware00.addPrefix]
-        prefix = "foobar"
     [http.middlewares.Middleware01]
-      [http.middlewares.Middleware01.basicAuth]
+      [http.middlewares.Middleware01.addPrefix]
+        prefix = "foobar"
+    [http.middlewares.Middleware02]
+      [http.middlewares.Middleware02.basicAuth]
         users = ["foobar", "foobar"]
         usersFile = "foobar"
         realm = "foobar"
         removeHeader = true
         headerField = "foobar"
-    [http.middlewares.Middleware02]
-      [http.middlewares.Middleware02.buffering]
+    [http.middlewares.Middleware03]
+      [http.middlewares.Middleware03.buffering]
         maxRequestBodyBytes = 42
         memRequestBodyBytes = 42
         maxResponseBodyBytes = 42
         memResponseBodyBytes = 42
         retryExpression = "foobar"
-    [http.middlewares.Middleware03]
-      [http.middlewares.Middleware03.chain]
-        middlewares = ["foobar", "foobar"]
     [http.middlewares.Middleware04]
-      [http.middlewares.Middleware04.circuitBreaker]
+      [http.middlewares.Middleware04.chain]
+        middlewares = ["foobar", "foobar"]
+    [http.middlewares.Middleware05]
+      [http.middlewares.Middleware05.circuitBreaker]
         expression = "foobar"
         checkPeriod = "42s"
         fallbackDuration = "42s"
         recoveryDuration = "42s"
-    [http.middlewares.Middleware05]
-      [http.middlewares.Middleware05.compress]
+    [http.middlewares.Middleware06]
+      [http.middlewares.Middleware06.compress]
         excludedContentTypes = ["foobar", "foobar"]
         minResponseBodyBytes = 42
-    [http.middlewares.Middleware06]
-      [http.middlewares.Middleware06.contentType]
-        autoDetect = true
     [http.middlewares.Middleware07]
-      [http.middlewares.Middleware07.digestAuth]
+      [http.middlewares.Middleware07.contentType]
+        autoDetect = true
+    [http.middlewares.Middleware08]
+      [http.middlewares.Middleware08.digestAuth]
         users = ["foobar", "foobar"]
         usersFile = "foobar"
         removeHeader = true
         realm = "foobar"
         headerField = "foobar"
-    [http.middlewares.Middleware08]
-      [http.middlewares.Middleware08.errors]
+    [http.middlewares.Middleware09]
+      [http.middlewares.Middleware09.errors]
         status = ["foobar", "foobar"]
         service = "foobar"
         query = "foobar"
-    [http.middlewares.Middleware09]
-      [http.middlewares.Middleware09.forwardAuth]
+    [http.middlewares.Middleware10]
+      [http.middlewares.Middleware10.forwardAuth]
         address = "foobar"
         trustForwardHeader = true
         authResponseHeaders = ["foobar", "foobar"]
         authResponseHeadersRegex = "foobar"
         authRequestHeaders = ["foobar", "foobar"]
-        [http.middlewares.Middleware09.forwardAuth.tls]
+        [http.middlewares.Middleware10.forwardAuth.tls]
           ca = "foobar"
           caOptional = true
           cert = "foobar"
           key = "foobar"
           insecureSkipVerify = true
-    [http.middlewares.Middleware10]
-      [http.middlewares.Middleware10.headers]
+    [http.middlewares.Middleware11]
+      [http.middlewares.Middleware11.headers]
         accessControlAllowCredentials = true
         accessControlAllowHeaders = ["foobar", "foobar"]
         accessControlAllowMethods = ["foobar", "foobar"]
@@ -192,39 +192,45 @@
         featurePolicy = "foobar"
         permissionsPolicy = "foobar"
         isDevelopment = true
-        [http.middlewares.Middleware10.headers.customRequestHeaders]
+        [http.middlewares.Middleware11.headers.customRequestHeaders]
           name0 = "foobar"
           name1 = "foobar"
-        [http.middlewares.Middleware10.headers.customResponseHeaders]
+        [http.middlewares.Middleware11.headers.customResponseHeaders]
           name0 = "foobar"
           name1 = "foobar"
-        [http.middlewares.Middleware10.headers.sslProxyHeaders]
+        [http.middlewares.Middleware11.headers.sslProxyHeaders]
           name0 = "foobar"
           name1 = "foobar"
-    [http.middlewares.Middleware11]
-      [http.middlewares.Middleware11.ipWhiteList]
+    [http.middlewares.Middleware12]
+      [http.middlewares.Middleware12.ipAllowList]
         sourceRange = ["foobar", "foobar"]
-        [http.middlewares.Middleware11.ipWhiteList.ipStrategy]
+        [http.middlewares.Middleware12.ipAllowList.ipStrategy]
           depth = 42
           excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware12]
-      [http.middlewares.Middleware12.inFlightReq]
+    [http.middlewares.Middleware13]
+      [http.middlewares.Middleware13.ipWhiteList]
+        sourceRange = ["foobar", "foobar"]
+        [http.middlewares.Middleware13.ipWhiteList.ipStrategy]
+          depth = 42
+          excludedIPs = ["foobar", "foobar"]
+    [http.middlewares.Middleware14]
+      [http.middlewares.Middleware14.inFlightReq]
         amount = 42
-        [http.middlewares.Middleware12.inFlightReq.sourceCriterion]
+        [http.middlewares.Middleware14.inFlightReq.sourceCriterion]
           requestHeaderName = "foobar"
           requestHost = true
-          [http.middlewares.Middleware12.inFlightReq.sourceCriterion.ipStrategy]
+          [http.middlewares.Middleware14.inFlightReq.sourceCriterion.ipStrategy]
             depth = 42
             excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware13]
-      [http.middlewares.Middleware13.passTLSClientCert]
+    [http.middlewares.Middleware15]
+      [http.middlewares.Middleware15.passTLSClientCert]
         pem = true
-        [http.middlewares.Middleware13.passTLSClientCert.info]
+        [http.middlewares.Middleware15.passTLSClientCert.info]
           notAfter = true
           notBefore = true
           sans = true
           serialNumber = true
-          [http.middlewares.Middleware13.passTLSClientCert.info.subject]
+          [http.middlewares.Middleware15.passTLSClientCert.info.subject]
             country = true
             province = true
             locality = true
@@ -233,7 +239,7 @@
             commonName = true
             serialNumber = true
             domainComponent = true
-          [http.middlewares.Middleware13.passTLSClientCert.info.issuer]
+          [http.middlewares.Middleware15.passTLSClientCert.info.issuer]
             country = true
             province = true
             locality = true
@@ -241,48 +247,52 @@
             commonName = true
             serialNumber = true
             domainComponent = true
-    [http.middlewares.Middleware14]
-      [http.middlewares.Middleware14.plugin]
-        [http.middlewares.Middleware14.plugin.PluginConf]
-          foo = "bar"
-    [http.middlewares.Middleware15]
-      [http.middlewares.Middleware15.rateLimit]
+    [http.middlewares.Middleware16]
+      [http.middlewares.Middleware16.plugin]
+        [http.middlewares.Middleware16.plugin.PluginConf0]
+          name0 = "foobar"
+          name1 = "foobar"
+        [http.middlewares.Middleware16.plugin.PluginConf1]
+          name0 = "foobar"
+          name1 = "foobar"
+    [http.middlewares.Middleware17]
+      [http.middlewares.Middleware17.rateLimit]
         average = 42
         period = "42s"
         burst = 42
-        [http.middlewares.Middleware15.rateLimit.sourceCriterion]
+        [http.middlewares.Middleware17.rateLimit.sourceCriterion]
           requestHeaderName = "foobar"
           requestHost = true
-          [http.middlewares.Middleware15.rateLimit.sourceCriterion.ipStrategy]
+          [http.middlewares.Middleware17.rateLimit.sourceCriterion.ipStrategy]
             depth = 42
             excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware16]
-      [http.middlewares.Middleware16.redirectRegex]
+    [http.middlewares.Middleware18]
+      [http.middlewares.Middleware18.redirectRegex]
         regex = "foobar"
         replacement = "foobar"
         permanent = true
-    [http.middlewares.Middleware17]
-      [http.middlewares.Middleware17.redirectScheme]
+    [http.middlewares.Middleware19]
+      [http.middlewares.Middleware19.redirectScheme]
         scheme = "foobar"
         port = "foobar"
         permanent = true
-    [http.middlewares.Middleware18]
-      [http.middlewares.Middleware18.replacePath]
+    [http.middlewares.Middleware20]
+      [http.middlewares.Middleware20.replacePath]
         path = "foobar"
-    [http.middlewares.Middleware19]
-      [http.middlewares.Middleware19.replacePathRegex]
+    [http.middlewares.Middleware21]
+      [http.middlewares.Middleware21.replacePathRegex]
         regex = "foobar"
         replacement = "foobar"
-    [http.middlewares.Middleware20]
-      [http.middlewares.Middleware20.retry]
+    [http.middlewares.Middleware22]
+      [http.middlewares.Middleware22.retry]
         attempts = 42
         initialInterval = "42s"
-    [http.middlewares.Middleware21]
-      [http.middlewares.Middleware21.stripPrefix]
+    [http.middlewares.Middleware23]
+      [http.middlewares.Middleware23.stripPrefix]
         prefixes = ["foobar", "foobar"]
         forceSlash = true
-    [http.middlewares.Middleware22]
-      [http.middlewares.Middleware22.stripPrefixRegex]
+    [http.middlewares.Middleware24]
+      [http.middlewares.Middleware24.stripPrefixRegex]
         regex = ["foobar", "foobar"]
   [http.serversTransports]
     [http.serversTransports.ServersTransport0]
@@ -389,11 +399,14 @@
           name = "foobar"
           weight = 42
   [tcp.middlewares]
-    [tcp.middlewares.TCPMiddleware00]
-      [tcp.middlewares.TCPMiddleware00.ipWhiteList]
-        sourceRange = ["foobar", "foobar"]
     [tcp.middlewares.TCPMiddleware01]
-      [tcp.middlewares.TCPMiddleware01.inFlightConn]
+      [tcp.middlewares.TCPMiddleware01.ipAllowList]
+        sourceRange = ["foobar", "foobar"]
+    [tcp.middlewares.TCPMiddleware02]
+      [tcp.middlewares.TCPMiddleware02.ipWhiteList]
+        sourceRange = ["foobar", "foobar"]
+    [tcp.middlewares.TCPMiddleware03]
+      [tcp.middlewares.TCPMiddleware03.inFlightConn]
         amount = 42
 
 [udp]

docs/content/reference/dynamic-configuration/file.yaml

@@ -1,3 +1,5 @@
+## CODE GENERATED AUTOMATICALLY
+## THIS FILE MUST NOT BE EDITED BY HAND
 http:
   routers:
     Router0:
@@ -46,6 +48,11 @@ http:
               - foobar
   services:
     Service01:
+      failover:
+        service: foobar
+        fallback: foobar
+        healthCheck: {}
+    Service02:
       loadBalancer:
         sticky:
           cookie:
@@ -72,19 +79,18 @@ http:
         responseForwarding:
           flushInterval: foobar
         serversTransport: foobar
-    Service02:
+    Service03:
       mirroring:
         service: foobar
         maxBodySize: 42
-        healthCheck: {}
         mirrors:
           - name: foobar
             percent: 42
           - name: foobar
             percent: 42
-    Service03:
-      weighted:
         healthCheck: {}
+    Service04:
+      weighted:
         services:
           - name: foobar
             weight: 42
@@ -96,16 +102,12 @@ http:
             secure: true
             httpOnly: true
             sameSite: foobar
-    Service04:
-      failover:
-        service: foobar
-        fallback: foobar
         healthCheck: {}
   middlewares:
-    Middleware00:
+    Middleware01:
       addPrefix:
         prefix: foobar
-    Middleware01:
+    Middleware02:
       basicAuth:
         users:
           - foobar
@@ -114,34 +116,34 @@ http:
         realm: foobar
         removeHeader: true
         headerField: foobar
-    Middleware02:
+    Middleware03:
       buffering:
         maxRequestBodyBytes: 42
         memRequestBodyBytes: 42
         maxResponseBodyBytes: 42
         memResponseBodyBytes: 42
         retryExpression: foobar
-    Middleware03:
+    Middleware04:
       chain:
         middlewares:
           - foobar
           - foobar
-    Middleware04:
+    Middleware05:
       circuitBreaker:
         expression: foobar
         checkPeriod: 42s
         fallbackDuration: 42s
         recoveryDuration: 42s
-    Middleware05:
+    Middleware06:
       compress:
         excludedContentTypes:
           - foobar
           - foobar
         minResponseBodyBytes: 42
-    Middleware06:
+    Middleware07:
       contentType:
         autoDetect: true
-    Middleware07:
+    Middleware08:
       digestAuth:
         users:
           - foobar
@@ -150,14 +152,14 @@ http:
         removeHeader: true
         realm: foobar
         headerField: foobar
-    Middleware08:
+    Middleware09:
       errors:
         status:
           - foobar
           - foobar
         service: foobar
         query: foobar
-    Middleware09:
+    Middleware10:
       forwardAuth:
         address: foobar
         tls:
@@ -174,7 +176,7 @@ http:
         authRequestHeaders:
           - foobar
           - foobar
-    Middleware10:
+    Middleware11:
       headers:
         customRequestHeaders:
           name0: foobar
@@ -228,7 +230,17 @@ http:
         featurePolicy: foobar
         permissionsPolicy: foobar
         isDevelopment: true
-    Middleware11:
+    Middleware12:
+      ipAllowList:
+        sourceRange:
+          - foobar
+          - foobar
+        ipStrategy:
+          depth: 42
+          excludedIPs:
+            - foobar
+            - foobar
+    Middleware13:
       ipWhiteList:
         sourceRange:
           - foobar
@@ -238,7 +250,7 @@ http:
           excludedIPs:
             - foobar
             - foobar
-    Middleware12:
+    Middleware14:
       inFlightReq:
         amount: 42
         sourceCriterion:
@@ -249,13 +261,14 @@ http:
               - foobar
           requestHeaderName: foobar
           requestHost: true
-    Middleware13:
+    Middleware15:
       passTLSClientCert:
         pem: true
         info:
           notAfter: true
           notBefore: true
           sans: true
+          serialNumber: true
           subject:
             country: true
             province: true
@@ -273,12 +286,15 @@ http:
             commonName: true
             serialNumber: true
             domainComponent: true
-          serialNumber: true
-    Middleware14:
+    Middleware16:
       plugin:
-        PluginConf:
-          foo: bar
-    Middleware15:
+        PluginConf0:
+          name0: foobar
+          name1: foobar
+        PluginConf1:
+          name0: foobar
+          name1: foobar
+    Middleware17:
       rateLimit:
         average: 42
         period: 42s
@@ -291,34 +307,34 @@ http:
               - foobar
           requestHeaderName: foobar
           requestHost: true
-    Middleware16:
+    Middleware18:
       redirectRegex:
         regex: foobar
         replacement: foobar
         permanent: true
-    Middleware17:
+    Middleware19:
       redirectScheme:
         scheme: foobar
         port: foobar
         permanent: true
-    Middleware18:
+    Middleware20:
       replacePath:
         path: foobar
-    Middleware19:
+    Middleware21:
       replacePathRegex:
         regex: foobar
         replacement: foobar
-    Middleware20:
+    Middleware22:
       retry:
         attempts: 42
         initialInterval: 42s
-    Middleware21:
+    Middleware23:
       stripPrefix:
         prefixes:
           - foobar
           - foobar
         forceSlash: true
-    Middleware22:
+    Middleware24:
       stripPrefixRegex:
         regex:
           - foobar
@@ -429,12 +445,17 @@ tcp:
           - name: foobar
             weight: 42
   middlewares:
-    TCPMiddleware00:
+    TCPMiddleware01:
+      ipAllowList:
+        sourceRange:
+          - foobar
+          - foobar
+    TCPMiddleware02:
       ipWhiteList:
         sourceRange:
           - foobar
           - foobar
-    TCPMiddleware01:
+    TCPMiddleware03:
       inFlightConn:
         amount: 42
 udp:

docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml

@@ -148,7 +148,7 @@ spec:
         - name: whoamitcp
           port: 8080
       middlewares:
-        - name: ipwhitelist
+        - name: ipallowlist
   tls:
     secretName: foosecret
     passthrough: false

docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml

@@ -25,10 +25,10 @@ spec:
       serviceAccountName: traefik-controller
       containers:
         - name: traefik
-          image: traefik:v2.10
+          image: traefik:v2.11
           args:
-            - --entrypoints.web.address=:80
-            - --entrypoints.websecure.address=:443
+            - --entryPoints.web.address=:80
+            - --entryPoints.websecure.address=:443
             - --experimental.kubernetesgateway
             - --providers.kubernetesgateway
 

docs/content/reference/dynamic-configuration/kv-ref.md

@@ -1,145 +1,157 @@
-| `traefik/http/middlewares/Middleware00/addPrefix/prefix` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/realm` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/removeHeader` | `true` |
-| `traefik/http/middlewares/Middleware01/basicAuth/users/0` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/users/1` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/usersFile` | `foobar` |
-| `traefik/http/middlewares/Middleware02/buffering/maxRequestBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/maxResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/memRequestBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/memResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/retryExpression` | `foobar` |
-| `traefik/http/middlewares/Middleware03/chain/middlewares/0` | `foobar` |
-| `traefik/http/middlewares/Middleware03/chain/middlewares/1` | `foobar` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/checkPeriod` | `42s` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/expression` | `foobar` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/fallbackDuration` | `42s` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/recoveryDuration` | `42s` |
-| `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware05/compress/minResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware06/contentType/autoDetect` | `true` |
-| `traefik/http/middlewares/Middleware07/digestAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/realm` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/removeHeader` | `true` |
-| `traefik/http/middlewares/Middleware07/digestAuth/users/0` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/users/1` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/usersFile` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/query` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/service` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/status/0` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/status/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/address` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authRequestHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authRequestHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/trustForwardHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowCredentials` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowMethods/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowMethods/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginList/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginList/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginListRegex/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginListRegex/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlExposeHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlExposeHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlMaxAge` | `42` |
-| `traefik/http/middlewares/Middleware10/headers/addVaryHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/allowedHosts/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/allowedHosts/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/browserXssFilter` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/contentSecurityPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/contentTypeNosniff` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/customBrowserXSSValue` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customFrameOptionsValue` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/featurePolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/isDevelopment` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/sslHost` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslRedirect` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/sslTemporaryRedirect` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/commonName` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/country` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/domainComponent` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/locality` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/organization` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/province` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/notAfter` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/notBefore` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/sans` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/commonName` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/country` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/domainComponent` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/locality` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/organization` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/organizationalUnit` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/province` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/pem` | `true` |
-| `traefik/http/middlewares/Middleware14/plugin/PluginConf/foo` | `bar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/average` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/burst` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/period` | `42s` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/permanent` | `true` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/permanent` | `true` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/port` | `foobar` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/scheme` | `foobar` |
-| `traefik/http/middlewares/Middleware18/replacePath/path` | `foobar` |
-| `traefik/http/middlewares/Middleware19/replacePathRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
-| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
-| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` |
+<!--
+CODE GENERATED AUTOMATICALLY
+THIS FILE MUST NOT BE EDITED BY HAND
+-->
+| `traefik/http/middlewares/Middleware01/addPrefix/prefix` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/headerField` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/realm` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/removeHeader` | `true` |
+| `traefik/http/middlewares/Middleware02/basicAuth/users/0` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/users/1` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/usersFile` | `foobar` |
+| `traefik/http/middlewares/Middleware03/buffering/maxRequestBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware03/buffering/maxResponseBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware03/buffering/memRequestBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware03/buffering/memResponseBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware03/buffering/retryExpression` | `foobar` |
+| `traefik/http/middlewares/Middleware04/chain/middlewares/0` | `foobar` |
+| `traefik/http/middlewares/Middleware04/chain/middlewares/1` | `foobar` |
+| `traefik/http/middlewares/Middleware05/circuitBreaker/checkPeriod` | `42s` |
+| `traefik/http/middlewares/Middleware05/circuitBreaker/expression` | `foobar` |
+| `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` |
+| `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` |
+| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` |
+| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` |
+| `traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware07/contentType/autoDetect` | `true` |
+| `traefik/http/middlewares/Middleware08/digestAuth/headerField` | `foobar` |
+| `traefik/http/middlewares/Middleware08/digestAuth/realm` | `foobar` |
+| `traefik/http/middlewares/Middleware08/digestAuth/removeHeader` | `true` |
+| `traefik/http/middlewares/Middleware08/digestAuth/users/0` | `foobar` |
+| `traefik/http/middlewares/Middleware08/digestAuth/users/1` | `foobar` |
+| `traefik/http/middlewares/Middleware08/digestAuth/usersFile` | `foobar` |
+| `traefik/http/middlewares/Middleware09/errors/query` | `foobar` |
+| `traefik/http/middlewares/Middleware09/errors/service` | `foobar` |
+| `traefik/http/middlewares/Middleware09/errors/status/0` | `foobar` |
+| `traefik/http/middlewares/Middleware09/errors/status/1` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/address` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify` | `true` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/key` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/trustForwardHeader` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowCredentials` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowMethods/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowMethods/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowOriginList/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowOriginList/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowOriginListRegex/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowOriginListRegex/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlExposeHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlExposeHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlMaxAge` | `42` |
+| `traefik/http/middlewares/Middleware11/headers/addVaryHeader` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/allowedHosts/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/allowedHosts/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/browserXssFilter` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/contentSecurityPolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/contentTypeNosniff` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/customBrowserXSSValue` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customFrameOptionsValue` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customRequestHeaders/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customRequestHeaders/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customResponseHeaders/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customResponseHeaders/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/featurePolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/forceSTSHeader` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/frameDeny` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/hostsProxyHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/hostsProxyHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/isDevelopment` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/permissionsPolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/publicKey` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/referrerPolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/sslForceHost` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/sslHost` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/sslProxyHeaders/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/sslProxyHeaders/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/sslRedirect` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/sslTemporaryRedirect` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/stsIncludeSubdomains` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/stsPreload` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/stsSeconds` | `42` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/sourceRange/0` | `foobar` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/sourceRange/1` | `foobar` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/sourceRange/0` | `foobar` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/sourceRange/1` | `foobar` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/amount` | `42` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/requestHost` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/commonName` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/country` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/domainComponent` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/locality` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/organization` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/province` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/serialNumber` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/notAfter` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/notBefore` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/sans` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/serialNumber` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/commonName` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/country` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/domainComponent` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/locality` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/organization` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/organizationalUnit` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/province` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/serialNumber` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/pem` | `true` |
+| `traefik/http/middlewares/Middleware16/plugin/PluginConf0/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware16/plugin/PluginConf0/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware16/plugin/PluginConf1/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware16/plugin/PluginConf1/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware17/rateLimit/average` | `42` |
+| `traefik/http/middlewares/Middleware17/rateLimit/burst` | `42` |
+| `traefik/http/middlewares/Middleware17/rateLimit/period` | `42s` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/requestHost` | `true` |
+| `traefik/http/middlewares/Middleware18/redirectRegex/permanent` | `true` |
+| `traefik/http/middlewares/Middleware18/redirectRegex/regex` | `foobar` |
+| `traefik/http/middlewares/Middleware18/redirectRegex/replacement` | `foobar` |
+| `traefik/http/middlewares/Middleware19/redirectScheme/permanent` | `true` |
+| `traefik/http/middlewares/Middleware19/redirectScheme/port` | `foobar` |
+| `traefik/http/middlewares/Middleware19/redirectScheme/scheme` | `foobar` |
+| `traefik/http/middlewares/Middleware20/replacePath/path` | `foobar` |
+| `traefik/http/middlewares/Middleware21/replacePathRegex/regex` | `foobar` |
+| `traefik/http/middlewares/Middleware21/replacePathRegex/replacement` | `foobar` |
+| `traefik/http/middlewares/Middleware22/retry/attempts` | `42` |
+| `traefik/http/middlewares/Middleware22/retry/initialInterval` | `42s` |
+| `traefik/http/middlewares/Middleware23/stripPrefix/forceSlash` | `true` |
+| `traefik/http/middlewares/Middleware23/stripPrefix/prefixes/0` | `foobar` |
+| `traefik/http/middlewares/Middleware23/stripPrefix/prefixes/1` | `foobar` |
+| `traefik/http/middlewares/Middleware24/stripPrefixRegex/regex/0` | `foobar` |
+| `traefik/http/middlewares/Middleware24/stripPrefixRegex/regex/1` | `foobar` |
 | `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
 | `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
 | `traefik/http/routers/Router0/middlewares/0` | `foobar` |
@@ -202,47 +214,49 @@
 | `traefik/http/serversTransports/ServersTransport1/rootCAs/0` | `foobar` |
 | `traefik/http/serversTransports/ServersTransport1/rootCAs/1` | `foobar` |
 | `traefik/http/serversTransports/ServersTransport1/serverName` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/followRedirects` | `true` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name0` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name1` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/hostname` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/interval` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/method` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/path` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/port` | `42` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/scheme` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/timeout` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/passHostHeader` | `true` |
-| `traefik/http/services/Service01/loadBalancer/responseForwarding/flushInterval` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/servers/0/url` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/servers/1/url` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/serversTransport` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/httpOnly` | `true` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/name` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/sameSite` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/secure` | `true` |
-| `traefik/http/services/Service02/mirroring/healthCheck` | `` |
-| `traefik/http/services/Service02/mirroring/maxBodySize` | `42` |
-| `traefik/http/services/Service02/mirroring/mirrors/0/name` | `foobar` |
-| `traefik/http/services/Service02/mirroring/mirrors/0/percent` | `42` |
-| `traefik/http/services/Service02/mirroring/mirrors/1/name` | `foobar` |
-| `traefik/http/services/Service02/mirroring/mirrors/1/percent` | `42` |
-| `traefik/http/services/Service02/mirroring/service` | `foobar` |
-| `traefik/http/services/Service03/weighted/healthCheck` | `` |
-| `traefik/http/services/Service03/weighted/services/0/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/services/0/weight` | `42` |
-| `traefik/http/services/Service03/weighted/services/1/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/services/1/weight` | `42` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/httpOnly` | `true` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/sameSite` | `foobar` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/secure` | `true` |
-| `traefik/http/services/Service04/failover/fallback` | `foobar` |
-| `traefik/http/services/Service04/failover/healthCheck` | `` |
-| `traefik/http/services/Service04/failover/service` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` |
+| `traefik/http/services/Service01/failover/fallback` | `foobar` |
+| `traefik/http/services/Service01/failover/healthCheck` | `` |
+| `traefik/http/services/Service01/failover/service` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/followRedirects` | `true` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name0` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name1` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/hostname` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/interval` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/method` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/path` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/port` | `42` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/scheme` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/timeout` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` |
+| `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/servers/0/url` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/servers/1/url` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/serversTransport` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly` | `true` |
+| `traefik/http/services/Service02/loadBalancer/sticky/cookie/name` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/sticky/cookie/sameSite` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/sticky/cookie/secure` | `true` |
+| `traefik/http/services/Service03/mirroring/healthCheck` | `` |
+| `traefik/http/services/Service03/mirroring/maxBodySize` | `42` |
+| `traefik/http/services/Service03/mirroring/mirrors/0/name` | `foobar` |
+| `traefik/http/services/Service03/mirroring/mirrors/0/percent` | `42` |
+| `traefik/http/services/Service03/mirroring/mirrors/1/name` | `foobar` |
+| `traefik/http/services/Service03/mirroring/mirrors/1/percent` | `42` |
+| `traefik/http/services/Service03/mirroring/service` | `foobar` |
+| `traefik/http/services/Service04/weighted/healthCheck` | `` |
+| `traefik/http/services/Service04/weighted/services/0/name` | `foobar` |
+| `traefik/http/services/Service04/weighted/services/0/weight` | `42` |
+| `traefik/http/services/Service04/weighted/services/1/name` | `foobar` |
+| `traefik/http/services/Service04/weighted/services/1/weight` | `42` |
+| `traefik/http/services/Service04/weighted/sticky/cookie/httpOnly` | `true` |
+| `traefik/http/services/Service04/weighted/sticky/cookie/name` | `foobar` |
+| `traefik/http/services/Service04/weighted/sticky/cookie/sameSite` | `foobar` |
+| `traefik/http/services/Service04/weighted/sticky/cookie/secure` | `true` |
+| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/0` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/1` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/0` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/1` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware03/inFlightConn/amount` | `42` |
 | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/middlewares/0` | `foobar` |

docs/content/reference/dynamic-configuration/marathon-labels.json

@@ -1,126 +1,136 @@
-"traefik.http.middlewares.middleware00.addprefix.prefix": "foobar",
-"traefik.http.middlewares.middleware01.basicauth.headerfield": "foobar",
-"traefik.http.middlewares.middleware01.basicauth.realm": "foobar",
-"traefik.http.middlewares.middleware01.basicauth.removeheader": "true",
-"traefik.http.middlewares.middleware01.basicauth.users": "foobar, foobar",
-"traefik.http.middlewares.middleware01.basicauth.usersfile": "foobar",
-"traefik.http.middlewares.middleware02.buffering.maxrequestbodybytes": "42",
-"traefik.http.middlewares.middleware02.buffering.maxresponsebodybytes": "42",
-"traefik.http.middlewares.middleware02.buffering.memrequestbodybytes": "42",
-"traefik.http.middlewares.middleware02.buffering.memresponsebodybytes": "42",
-"traefik.http.middlewares.middleware02.buffering.retryexpression": "foobar",
-"traefik.http.middlewares.middleware03.chain.middlewares": "foobar, foobar",
-"traefik.http.middlewares.middleware04.circuitbreaker.expression": "foobar",
-"traefik.http.middlewares.middleware04.circuitbreaker.checkperiod": "42s",
-"traefik.http.middlewares.middleware04.circuitbreaker.fallbackduration": "42s",
-"traefik.http.middlewares.middleware04.circuitbreaker.recoveryduration": "42s",
-"traefik.http.middlewares.middleware05.compress": "true",
-"traefik.http.middlewares.middleware05.compress.excludedcontenttypes": "foobar, foobar",
-"traefik.http.middlewares.middleware05.compress.minresponsebodybytes": "42",
-"traefik.http.middlewares.middleware06.contenttype.autodetect": "true",
-"traefik.http.middlewares.middleware07.digestauth.headerfield": "foobar",
-"traefik.http.middlewares.middleware07.digestauth.realm": "foobar",
-"traefik.http.middlewares.middleware07.digestauth.removeheader": "true",
-"traefik.http.middlewares.middleware07.digestauth.users": "foobar, foobar",
-"traefik.http.middlewares.middleware07.digestauth.usersfile": "foobar",
-"traefik.http.middlewares.middleware08.errors.query": "foobar",
-"traefik.http.middlewares.middleware08.errors.service": "foobar",
-"traefik.http.middlewares.middleware08.errors.status": "foobar, foobar",
-"traefik.http.middlewares.middleware09.forwardauth.address": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.authrequestheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true",
-"traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true",
-"traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.trustforwardheader": "true",
-"traefik.http.middlewares.middleware10.headers.accesscontrolallowcredentials": "true",
-"traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlist": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlistregex": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolmaxage": "42",
-"traefik.http.middlewares.middleware10.headers.addvaryheader": "true",
-"traefik.http.middlewares.middleware10.headers.allowedhosts": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.browserxssfilter": "true",
-"traefik.http.middlewares.middleware10.headers.contentsecuritypolicy": "foobar",
-"traefik.http.middlewares.middleware10.headers.contenttypenosniff": "true",
-"traefik.http.middlewares.middleware10.headers.custombrowserxssvalue": "foobar",
-"traefik.http.middlewares.middleware10.headers.customframeoptionsvalue": "foobar",
-"traefik.http.middlewares.middleware10.headers.customrequestheaders.name0": "foobar",
-"traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar",
-"traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar",
-"traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar",
-"traefik.http.middlewares.middleware10.headers.featurepolicy": "foobar",
-"traefik.http.middlewares.middleware10.headers.forcestsheader": "true",
-"traefik.http.middlewares.middleware10.headers.framedeny": "true",
-"traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.isdevelopment": "true",
-"traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar",
-"traefik.http.middlewares.middleware10.headers.publickey": "foobar",
-"traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar",
-"traefik.http.middlewares.middleware10.headers.sslforcehost": "true",
-"traefik.http.middlewares.middleware10.headers.sslhost": "foobar",
-"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar",
-"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar",
-"traefik.http.middlewares.middleware10.headers.sslredirect": "true",
-"traefik.http.middlewares.middleware10.headers.ssltemporaryredirect": "true",
-"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
-"traefik.http.middlewares.middleware10.headers.stspreload": "true",
-"traefik.http.middlewares.middleware10.headers.stsseconds": "42",
-"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar",
-"traefik.http.middlewares.middleware12.inflightreq.amount": "42",
-"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requestheadername": "foobar",
-"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requesthost": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.commonname": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.country": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.domaincomponent": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.locality": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.organization": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.province": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.serialnumber": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.sans": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.serialnumber": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.locality": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organization": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organizationalunit": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.pem": "true",
-"traefik.http.middlewares.middleware14.plugin.foobar.foo": "bar",
-"traefik.http.middlewares.middleware15.ratelimit.average": "42",
-"traefik.http.middlewares.middleware15.ratelimit.burst": "42",
-"traefik.http.middlewares.middleware15.ratelimit.period": "42",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername": "foobar",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost": "true",
-"traefik.http.middlewares.middleware16.redirectregex.permanent": "true",
-"traefik.http.middlewares.middleware16.redirectregex.regex": "foobar",
-"traefik.http.middlewares.middleware16.redirectregex.replacement": "foobar",
-"traefik.http.middlewares.middleware17.redirectscheme.permanent": "true",
-"traefik.http.middlewares.middleware17.redirectscheme.port": "foobar",
-"traefik.http.middlewares.middleware17.redirectscheme.scheme": "foobar",
-"traefik.http.middlewares.middleware18.replacepath.path": "foobar",
-"traefik.http.middlewares.middleware19.replacepathregex.regex": "foobar",
-"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
-"traefik.http.middlewares.middleware20.retry.attempts": "42",
-"traefik.http.middlewares.middleware20.retry.initialinterval": "42",
-"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
-"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
-"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
+// CODE GENERATED AUTOMATICALLY
+// THIS FILE MUST NOT BE EDITED BY HAND
+"traefik.http.middlewares.middleware01.addprefix.prefix": "foobar",
+"traefik.http.middlewares.middleware02.basicauth.headerfield": "foobar",
+"traefik.http.middlewares.middleware02.basicauth.realm": "foobar",
+"traefik.http.middlewares.middleware02.basicauth.removeheader": "true",
+"traefik.http.middlewares.middleware02.basicauth.users": "foobar, foobar",
+"traefik.http.middlewares.middleware02.basicauth.usersfile": "foobar",
+"traefik.http.middlewares.middleware03.buffering.maxrequestbodybytes": "42",
+"traefik.http.middlewares.middleware03.buffering.maxresponsebodybytes": "42",
+"traefik.http.middlewares.middleware03.buffering.memrequestbodybytes": "42",
+"traefik.http.middlewares.middleware03.buffering.memresponsebodybytes": "42",
+"traefik.http.middlewares.middleware03.buffering.retryexpression": "foobar",
+"traefik.http.middlewares.middleware04.chain.middlewares": "foobar, foobar",
+"traefik.http.middlewares.middleware05.circuitbreaker.checkperiod": "42s",
+"traefik.http.middlewares.middleware05.circuitbreaker.expression": "foobar",
+"traefik.http.middlewares.middleware05.circuitbreaker.fallbackduration": "42s",
+"traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration": "42s",
+"traefik.http.middlewares.middleware06.compress": "true",
+"traefik.http.middlewares.middleware06.compress.excludedcontenttypes": "foobar, foobar",
+"traefik.http.middlewares.middleware06.compress.minresponsebodybytes": "42",
+"traefik.http.middlewares.middleware07.contenttype.autodetect": "true",
+"traefik.http.middlewares.middleware08.digestauth.headerfield": "foobar",
+"traefik.http.middlewares.middleware08.digestauth.realm": "foobar",
+"traefik.http.middlewares.middleware08.digestauth.removeheader": "true",
+"traefik.http.middlewares.middleware08.digestauth.users": "foobar, foobar",
+"traefik.http.middlewares.middleware08.digestauth.usersfile": "foobar",
+"traefik.http.middlewares.middleware09.errors.query": "foobar",
+"traefik.http.middlewares.middleware09.errors.service": "foobar",
+"traefik.http.middlewares.middleware09.errors.status": "foobar, foobar",
+"traefik.http.middlewares.middleware10.forwardauth.address": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.authrequestheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware10.forwardauth.authresponseheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.tls.ca": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.tls.caoptional": "true",
+"traefik.http.middlewares.middleware10.forwardauth.tls.cert": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.tls.insecureskipverify": "true",
+"traefik.http.middlewares.middleware10.forwardauth.tls.key": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.trustforwardheader": "true",
+"traefik.http.middlewares.middleware11.headers.accesscontrolallowcredentials": "true",
+"traefik.http.middlewares.middleware11.headers.accesscontrolallowheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolallowmethods": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlist": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlistregex": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolexposeheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolmaxage": "42",
+"traefik.http.middlewares.middleware11.headers.addvaryheader": "true",
+"traefik.http.middlewares.middleware11.headers.allowedhosts": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.browserxssfilter": "true",
+"traefik.http.middlewares.middleware11.headers.contentsecuritypolicy": "foobar",
+"traefik.http.middlewares.middleware11.headers.contenttypenosniff": "true",
+"traefik.http.middlewares.middleware11.headers.custombrowserxssvalue": "foobar",
+"traefik.http.middlewares.middleware11.headers.customframeoptionsvalue": "foobar",
+"traefik.http.middlewares.middleware11.headers.customrequestheaders.name0": "foobar",
+"traefik.http.middlewares.middleware11.headers.customrequestheaders.name1": "foobar",
+"traefik.http.middlewares.middleware11.headers.customresponseheaders.name0": "foobar",
+"traefik.http.middlewares.middleware11.headers.customresponseheaders.name1": "foobar",
+"traefik.http.middlewares.middleware11.headers.featurepolicy": "foobar",
+"traefik.http.middlewares.middleware11.headers.forcestsheader": "true",
+"traefik.http.middlewares.middleware11.headers.framedeny": "true",
+"traefik.http.middlewares.middleware11.headers.hostsproxyheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.isdevelopment": "true",
+"traefik.http.middlewares.middleware11.headers.permissionspolicy": "foobar",
+"traefik.http.middlewares.middleware11.headers.publickey": "foobar",
+"traefik.http.middlewares.middleware11.headers.referrerpolicy": "foobar",
+"traefik.http.middlewares.middleware11.headers.sslforcehost": "true",
+"traefik.http.middlewares.middleware11.headers.sslhost": "foobar",
+"traefik.http.middlewares.middleware11.headers.sslproxyheaders.name0": "foobar",
+"traefik.http.middlewares.middleware11.headers.sslproxyheaders.name1": "foobar",
+"traefik.http.middlewares.middleware11.headers.sslredirect": "true",
+"traefik.http.middlewares.middleware11.headers.ssltemporaryredirect": "true",
+"traefik.http.middlewares.middleware11.headers.stsincludesubdomains": "true",
+"traefik.http.middlewares.middleware11.headers.stspreload": "true",
+"traefik.http.middlewares.middleware11.headers.stsseconds": "42",
+"traefik.http.middlewares.middleware12.ipallowlist.ipstrategy": "true",
+"traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware12.ipallowlist.sourcerange": "foobar, foobar",
+"traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy": "true",
+"traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware13.ipwhitelist.sourcerange": "foobar, foobar",
+"traefik.http.middlewares.middleware14.inflightreq.amount": "42",
+"traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requestheadername": "foobar",
+"traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requesthost": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.commonname": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.country": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.domaincomponent": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.locality": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.organization": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.province": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.serialnumber": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.notafter": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.notbefore": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.sans": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.serialnumber": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.commonname": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.country": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.domaincomponent": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.locality": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organization": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organizationalunit": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.province": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.serialnumber": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.pem": "true",
+"traefik.http.middlewares.middleware16.plugin.pluginconf0.name0": "foobar",
+"traefik.http.middlewares.middleware16.plugin.pluginconf0.name1": "foobar",
+"traefik.http.middlewares.middleware16.plugin.pluginconf1.name0": "foobar",
+"traefik.http.middlewares.middleware16.plugin.pluginconf1.name1": "foobar",
+"traefik.http.middlewares.middleware17.ratelimit.average": "42",
+"traefik.http.middlewares.middleware17.ratelimit.burst": "42",
+"traefik.http.middlewares.middleware17.ratelimit.period": "42s",
+"traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requestheadername": "foobar",
+"traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requesthost": "true",
+"traefik.http.middlewares.middleware18.redirectregex.permanent": "true",
+"traefik.http.middlewares.middleware18.redirectregex.regex": "foobar",
+"traefik.http.middlewares.middleware18.redirectregex.replacement": "foobar",
+"traefik.http.middlewares.middleware19.redirectscheme.permanent": "true",
+"traefik.http.middlewares.middleware19.redirectscheme.port": "foobar",
+"traefik.http.middlewares.middleware19.redirectscheme.scheme": "foobar",
+"traefik.http.middlewares.middleware20.replacepath.path": "foobar",
+"traefik.http.middlewares.middleware21.replacepathregex.regex": "foobar",
+"traefik.http.middlewares.middleware21.replacepathregex.replacement": "foobar",
+"traefik.http.middlewares.middleware22.retry.attempts": "42",
+"traefik.http.middlewares.middleware22.retry.initialinterval": "42s",
+"traefik.http.middlewares.middleware23.stripprefix.forceslash": "true",
+"traefik.http.middlewares.middleware23.stripprefix.prefixes": "foobar, foobar",
+"traefik.http.middlewares.middleware24.stripprefixregex.regex": "foobar, foobar",
 "traefik.http.routers.router0.entrypoints": "foobar, foobar",
 "traefik.http.routers.router0.middlewares": "foobar, foobar",
 "traefik.http.routers.router0.priority": "42",
@@ -145,32 +155,34 @@
 "traefik.http.routers.router1.tls.domains[1].main": "foobar",
 "traefik.http.routers.router1.tls.domains[1].sans": "foobar, foobar",
 "traefik.http.routers.router1.tls.options": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.followredirects": "true",
-"traefik.http.services.service01.loadbalancer.healthcheck.headers.name0": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.headers.name1": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.hostname": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.interval": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.path": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.method": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.port": "42",
-"traefik.http.services.service01.loadbalancer.healthcheck.scheme": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.timeout": "foobar",
-"traefik.http.services.service01.loadbalancer.passhostheader": "true",
-"traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval": "foobar",
-"traefik.http.services.service01.loadbalancer.serverstransport": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie": "true",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.httponly": "true",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.name": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.samesite": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
-"traefik.http.services.service01.loadbalancer.server.port": "foobar",
-"traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
-"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar",
-"traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42",
+"traefik.http.services.service02.loadbalancer.healthcheck.followredirects": "true",
+"traefik.http.services.service02.loadbalancer.healthcheck.headers.name0": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.headers.name1": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.hostname": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.interval": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.method": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.path": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.port": "42",
+"traefik.http.services.service02.loadbalancer.healthcheck.scheme": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.timeout": "foobar",
+"traefik.http.services.service02.loadbalancer.passhostheader": "true",
+"traefik.http.services.service02.loadbalancer.responseforwarding.flushinterval": "foobar",
+"traefik.http.services.service02.loadbalancer.serverstransport": "foobar",
+"traefik.http.services.service02.loadbalancer.sticky": "true",
+"traefik.http.services.service02.loadbalancer.sticky.cookie": "true",
+"traefik.http.services.service02.loadbalancer.sticky.cookie.httponly": "true",
+"traefik.http.services.service02.loadbalancer.sticky.cookie.name": "foobar",
+"traefik.http.services.service02.loadbalancer.sticky.cookie.samesite": "foobar",
+"traefik.http.services.service02.loadbalancer.sticky.cookie.secure": "true",
+"traefik.http.services.service02.loadbalancer.server.port": "foobar",
+"traefik.http.services.service02.loadbalancer.server.scheme": "foobar",
+"traefik.tcp.middlewares.tcpmiddleware01.ipallowlist.sourcerange": "foobar, foobar",
+"traefik.tcp.middlewares.tcpmiddleware02.ipwhitelist.sourcerange": "foobar, foobar",
+"traefik.tcp.middlewares.tcpmiddleware03.inflightconn.amount": "42",
 "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
 "traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar",
-"traefik.tcp.routers.tcprouter0.rule": "foobar",
 "traefik.tcp.routers.tcprouter0.priority": "42",
+"traefik.tcp.routers.tcprouter0.rule": "foobar",
 "traefik.tcp.routers.tcprouter0.service": "foobar",
 "traefik.tcp.routers.tcprouter0.tls": "true",
 "traefik.tcp.routers.tcprouter0.tls.certresolver": "foobar",
@@ -182,8 +194,8 @@
 "traefik.tcp.routers.tcprouter0.tls.passthrough": "true",
 "traefik.tcp.routers.tcprouter1.entrypoints": "foobar, foobar",
 "traefik.tcp.routers.tcprouter1.middlewares": "foobar, foobar",
-"traefik.tcp.routers.tcprouter1.rule": "foobar",
 "traefik.tcp.routers.tcprouter1.priority": "42",
+"traefik.tcp.routers.tcprouter1.rule": "foobar",
 "traefik.tcp.routers.tcprouter1.service": "foobar",
 "traefik.tcp.routers.tcprouter1.tls": "true",
 "traefik.tcp.routers.tcprouter1.tls.certresolver": "foobar",
@@ -193,21 +205,18 @@
 "traefik.tcp.routers.tcprouter1.tls.domains[1].sans": "foobar, foobar",
 "traefik.tcp.routers.tcprouter1.tls.options": "foobar",
 "traefik.tcp.routers.tcprouter1.tls.passthrough": "true",
+"traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol": "true",
 "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version": "42",
 "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay": "42",
 "traefik.tcp.services.tcpservice01.loadbalancer.server.port": "foobar",
+"traefik.tls.stores.store0.defaultgeneratedcert.domain.main": "foobar",
+"traefik.tls.stores.store0.defaultgeneratedcert.domain.sans": "foobar, foobar",
+"traefik.tls.stores.store0.defaultgeneratedcert.resolver": "foobar",
+"traefik.tls.stores.store1.defaultgeneratedcert.domain.main": "foobar",
+"traefik.tls.stores.store1.defaultgeneratedcert.domain.sans": "foobar, foobar",
+"traefik.tls.stores.store1.defaultgeneratedcert.resolver": "foobar",
 "traefik.udp.routers.udprouter0.entrypoints": "foobar, foobar",
 "traefik.udp.routers.udprouter0.service": "foobar",
 "traefik.udp.routers.udprouter1.entrypoints": "foobar, foobar",
 "traefik.udp.routers.udprouter1.service": "foobar",
 "traefik.udp.services.udpservice01.loadbalancer.server.port": "foobar",
-"traefik.tls.stores.Store0.defaultcertificate.certfile": "foobar",
-"traefik.tls.stores.Store0.defaultcertificate.keyfile": "foobar",
-"traefik.tls.stores.Store0.defaultgeneratedcert.domain.main": "foobar",
-"traefik.tls.stores.Store0.defaultgeneratedcert.domain.sans": "foobar, foobar",
-"traefik.tls.stores.Store0.defaultgeneratedcert.resolver": "foobar",
-"traefik.tls.stores.Store1.defaultcertificate.certfile": "foobar",
-"traefik.tls.stores.Store1.defaultcertificate.keyfile": "foobar",
-"traefik.tls.stores.Store1.defaultgeneratedcert.domain.main": "foobar",
-"traefik.tls.stores.Store1.defaultgeneratedcert.domain.sans": "foobar, foobar",
-"traefik.tls.stores.Store1.defaultgeneratedcert.resolver": "foobar",

docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ingressroutes.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -20,14 +20,19 @@ spec:
         description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -35,10 +40,11 @@ spec:
             description: IngressRouteSpec defines the desired state of IngressRoute.
             properties:
               entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                 items:
                   type: string
                 type: array
@@ -48,17 +54,21 @@ spec:
                   description: Route holds the HTTP route configuration.
                   properties:
                     kind:
-                      description: Kind defines the kind of the route. Rule is the
-                        only supported kind.
+                      description: |-
+                        Kind defines the kind of the route.
+                        Rule is the only supported kind.
                       enum:
                       - Rule
                       type: string
                     match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      description: |-
+                        Match defines the router's rule.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule
                       type: string
                     middlewares:
-                      description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      description: |-
+                        Middlewares defines the list of references to Middleware resources.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware
                       items:
                         description: MiddlewareRef is a reference to a Middleware
                           resource.
@@ -76,13 +86,14 @@ spec:
                         type: object
                       type: array
                     priority:
-                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      description: |-
+                        Priority defines the router's priority.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority
                       type: integer
                     services:
-                      description: Services defines the list of Service. It can contain
-                        any combination of TraefikService and/or reference to a Kubernetes
-                        Service.
+                      description: |-
+                        Services defines the list of Service.
+                        It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
                       items:
                         description: Service defines an upstream HTTP service to proxy
                           traffic to.
@@ -94,31 +105,32 @@ spec:
                             - TraefikService
                             type: string
                           name:
-                            description: Name defines the name of the referenced Kubernetes
-                              Service or TraefikService. The differentiation between
-                              the two is specified in the Kind field.
+                            description: |-
+                              Name defines the name of the referenced Kubernetes Service or TraefikService.
+                              The differentiation between the two is specified in the Kind field.
                             type: string
                           namespace:
                             description: Namespace defines the namespace of the referenced
                               Kubernetes Service or TraefikService.
                             type: string
                           nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                             type: boolean
                           passHostHeader:
-                            description: PassHostHeader defines whether the client
-                              Host header is forwarded to the upstream Kubernetes
-                              Service. By default, passHostHeader is true.
+                            description: |-
+                              PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+                              By default, passHostHeader is true.
                             type: boolean
                           port:
                             anyOf:
                             - type: integer
                             - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                               This can be a reference to a named port.
                             x-kubernetes-int-or-string: true
                           responseForwarding:
@@ -127,30 +139,29 @@ spec:
                               the client.
                             properties:
                               flushInterval:
-                                description: 'FlushInterval defines the interval,
-                                  in milliseconds, in between flushes to the client
-                                  while copying the response body. A negative value
-                                  means to flush immediately after each write to the
-                                  client. This configuration is ignored when ReverseProxy
-                                  recognizes a response as a streaming response; for
-                                  such responses, writes are flushed to the client
-                                  immediately. Default: 100ms'
+                                description: |-
+                                  FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                  A negative value means to flush immediately after each write to the client.
+                                  This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                  for such responses, writes are flushed to the client immediately.
+                                  Default: 100ms
                                 type: string
                             type: object
                           scheme:
-                            description: Scheme defines the scheme to use for the
-                              request to the upstream Kubernetes Service. It defaults
-                              to https when Kubernetes Service port is 443, http otherwise.
+                            description: |-
+                              Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                              It defaults to https when Kubernetes Service port is 443, http otherwise.
                             type: string
                           serversTransport:
-                            description: ServersTransport defines the name of ServersTransport
-                              resource to use. It allows to configure the transport
-                              between Traefik and your servers. Can only be used on
-                              a Kubernetes Service.
+                            description: |-
+                              ServersTransport defines the name of ServersTransport resource to use.
+                              It allows to configure the transport between Traefik and your servers.
+                              Can only be used on a Kubernetes Service.
                             type: string
                           sticky:
-                            description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            description: |-
+                              Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                             properties:
                               cookie:
                                 description: Cookie defines the sticky cookie configuration.
@@ -164,8 +175,9 @@ spec:
                                     description: Name defines the Cookie name.
                                     type: string
                                   sameSite:
-                                    description: 'SameSite defines the same site policy.
-                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    description: |-
+                                      SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                     type: string
                                   secure:
                                     description: Secure defines whether the cookie
@@ -175,15 +187,14 @@ spec:
                                 type: object
                             type: object
                           strategy:
-                            description: Strategy defines the load balancing strategy
-                              between the servers. RoundRobin is the only supported
-                              value at the moment.
+                            description: |-
+                              Strategy defines the load balancing strategy between the servers.
+                              RoundRobin is the only supported value at the moment.
                             type: string
                           weight:
-                            description: Weight defines the weight and should only
-                              be specified when Name references a TraefikService object
-                              (and to be precise, one that embeds a Weighted Round
-                              Robin).
+                            description: |-
+                              Weight defines the weight and should only be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round Robin).
                             type: integer
                         required:
                         - name
@@ -195,16 +206,20 @@ spec:
                   type: object
                 type: array
               tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                description: |-
+                  TLS defines the TLS configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls
                 properties:
                   certResolver:
-                    description: 'CertResolver defines the name of the certificate
-                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    description: |-
+                      CertResolver defines the name of the certificate resolver to use.
+                      Cert resolvers have to be configured in the static configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
                     type: string
                   domains:
-                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    description: |-
+                      Domains defines the list of domains that will be used to issue certificates.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -220,17 +235,20 @@ spec:
                       type: object
                     type: array
                   options:
-                    description: 'Options defines the reference to a TLSOption, that
-                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    description: |-
+                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+                      If not defined, the `default` TLSOption is used.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
                     properties:
                       name:
-                        description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        description: |-
+                          Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
                         type: string
                       namespace:
-                        description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        description: |-
+                          Namespace defines the namespace of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
                         type: string
                     required:
                     - name
@@ -240,17 +258,19 @@ spec:
                       Secret to specify the certificate details.
                     type: string
                   store:
-                    description: Store defines the reference to the TLSStore, that
-                      will be used to store certificates. Please note that only `default`
-                      TLSStore can be used.
+                    description: |-
+                      Store defines the reference to the TLSStore, that will be used to store certificates.
+                      Please note that only `default` TLSStore can be used.
                     properties:
                       name:
-                        description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        description: |-
+                          Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
                         type: string
                       namespace:
-                        description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        description: |-
+                          Namespace defines the namespace of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
                         type: string
                     required:
                     - name

docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ingressroutetcps.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -20,14 +20,19 @@ spec:
         description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -35,10 +40,11 @@ spec:
             description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
             properties:
               entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                 items:
                   type: string
                 type: array
@@ -48,7 +54,9 @@ spec:
                   description: RouteTCP holds the TCP route configuration.
                   properties:
                     match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      description: |-
+                        Match defines the router's rule.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1
                       type: string
                     middlewares:
                       description: Middlewares defines the list of references to MiddlewareTCP
@@ -70,8 +78,9 @@ spec:
                         type: object
                       type: array
                     priority:
-                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      description: |-
+                        Priority defines the router's priority.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1
                       type: integer
                     services:
                       description: Services defines the list of TCP services.
@@ -88,22 +97,24 @@ spec:
                               Kubernetes Service.
                             type: string
                           nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                             type: boolean
                           port:
                             anyOf:
                             - type: integer
                             - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                               This can be a reference to a named port.
                             x-kubernetes-int-or-string: true
                           proxyProtocol:
-                            description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            description: |-
+                              ProxyProtocol defines the PROXY protocol configuration.
+                              More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol
                             properties:
                               version:
                                 description: Version defines the PROXY Protocol version
@@ -111,13 +122,12 @@ spec:
                                 type: integer
                             type: object
                           terminationDelay:
-                            description: TerminationDelay defines the deadline that
-                              the proxy sets, after one of its connected peers indicates
-                              it has closed the writing capability of its connection,
-                              to close the reading capability as well, hence fully
-                              terminating the connection. It is a duration in milliseconds,
-                              defaulting to 100. A negative value means an infinite
-                              deadline (i.e. the reading capability is never closed).
+                            description: |-
+                              TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection, to close the reading capability as well,
+                              hence fully terminating the connection.
+                              It is a duration in milliseconds, defaulting to 100.
+                              A negative value means an infinite deadline (i.e. the reading capability is never closed).
                             type: integer
                           weight:
                             description: Weight defines the weight used when balancing
@@ -133,17 +143,20 @@ spec:
                   type: object
                 type: array
               tls:
-                description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                description: |-
+                  TLS defines the TLS configuration on a layer 4 / TCP Route.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1
                 properties:
                   certResolver:
-                    description: 'CertResolver defines the name of the certificate
-                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    description: |-
+                      CertResolver defines the name of the certificate resolver to use.
+                      Cert resolvers have to be configured in the static configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
                     type: string
                   domains:
-                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    description: |-
+                      Domains defines the list of domains that will be used to issue certificates.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -159,9 +172,10 @@ spec:
                       type: object
                     type: array
                   options:
-                    description: 'Options defines the reference to a TLSOption, that
-                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    description: |-
+                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+                      If not defined, the `default` TLSOption is used.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
                     properties:
                       name:
                         description: Name defines the name of the referenced Traefik
@@ -183,9 +197,9 @@ spec:
                       Secret to specify the certificate details.
                     type: string
                   store:
-                    description: Store defines the reference to the TLSStore, that
-                      will be used to store certificates. Please note that only `default`
-                      TLSStore can be used.
+                    description: |-
+                      Store defines the reference to the TLSStore, that will be used to store certificates.
+                      Please note that only `default` TLSStore can be used.
                     properties:
                       name:
                         description: Name defines the name of the referenced Traefik

docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ingressrouteudps.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -20,14 +20,19 @@ spec:
         description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -35,10 +40,11 @@ spec:
             description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
             properties:
               entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                 items:
                   type: string
                 type: array
@@ -62,17 +68,18 @@ spec:
                               Kubernetes Service.
                             type: string
                           nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                             type: boolean
                           port:
                             anyOf:
                             - type: integer
                             - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                               This can be a reference to a named port.
                             x-kubernetes-int-or-string: true
                           weight:

docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: middlewares.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -17,18 +17,24 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+        description: |-
+          Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -36,33 +42,37 @@ spec:
             description: MiddlewareSpec defines the desired state of a Middleware.
             properties:
               addPrefix:
-                description: 'AddPrefix holds the add prefix middleware configuration.
-                  This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                description: |-
+                  AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding it.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
                 properties:
                   prefix:
-                    description: Prefix is the string to add before the current path
-                      in the requested URL. It should include a leading slash (/).
+                    description: |-
+                      Prefix is the string to add before the current path in the requested URL.
+                      It should include a leading slash (/).
                     type: string
                 type: object
               basicAuth:
-                description: 'BasicAuth holds the basic auth middleware configuration.
+                description: |-
+                  BasicAuth holds the basic auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
                 properties:
                   headerField:
-                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    description: |-
+                      HeaderField defines a header field to store the authenticated user.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
                     type: string
                   realm:
-                    description: 'Realm allows the protected resources on a server
-                      to be partitioned into a set of protection spaces, each with
-                      its own authentication scheme. Default: traefik.'
+                    description: |-
+                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+                      Default: traefik.
                     type: string
                   removeHeader:
-                    description: 'RemoveHeader sets the removeHeader option to true
-                      to remove the authorization header before forwarding the request
-                      to your service. Default: false.'
+                    description: |-
+                      RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
+                      Default: false.
                     type: boolean
                   secret:
                     description: Secret is the name of the referenced Kubernetes Secret
@@ -70,48 +80,49 @@ spec:
                     type: string
                 type: object
               buffering:
-                description: 'Buffering holds the buffering middleware configuration.
-                  This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                description: |-
+                  Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can be forwarded to backends.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
                 properties:
                   maxRequestBodyBytes:
-                    description: 'MaxRequestBodyBytes defines the maximum allowed
-                      body size for the request (in bytes). If the request exceeds
-                      the allowed size, it is not forwarded to the service, and the
-                      client gets a 413 (Request Entity Too Large) response. Default:
-                      0 (no maximum).'
+                    description: |-
+                      MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
+                      If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
+                      Default: 0 (no maximum).
                     format: int64
                     type: integer
                   maxResponseBodyBytes:
-                    description: 'MaxResponseBodyBytes defines the maximum allowed
-                      response size from the service (in bytes). If the response exceeds
-                      the allowed size, it is not forwarded to the client. The client
-                      gets a 500 (Internal Server Error) response instead. Default:
-                      0 (no maximum).'
+                    description: |-
+                      MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
+                      If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
+                      Default: 0 (no maximum).
                     format: int64
                     type: integer
                   memRequestBodyBytes:
-                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
-                      from which the request will be buffered on disk instead of in
-                      memory. Default: 1048576 (1Mi).'
+                    description: |-
+                      MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
+                      Default: 1048576 (1Mi).
                     format: int64
                     type: integer
                   memResponseBodyBytes:
-                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
-                      from which the response will be buffered on disk instead of
-                      in memory. Default: 1048576 (1Mi).'
+                    description: |-
+                      MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
+                      Default: 1048576 (1Mi).
                     format: int64
                     type: integer
                   retryExpression:
-                    description: 'RetryExpression defines the retry conditions. It
-                      is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                    description: |-
+                      RetryExpression defines the retry conditions.
+                      It is a logical combination of functions with operators AND (&&) and OR (||).
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
                     type: string
                 type: object
               chain:
-                description: 'Chain holds the configuration of the chain middleware.
-                  This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                description: |-
+                  Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other pieces of middleware.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
                 properties:
                   middlewares:
                     description: Middlewares is the list of MiddlewareRef which composes
@@ -163,9 +174,10 @@ spec:
                     x-kubernetes-int-or-string: true
                 type: object
               compress:
-                description: 'Compress holds the compress middleware configuration.
-                  This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                description: |-
+                  Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the client, using gzip compression.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
                 properties:
                   excludedContentTypes:
                     description: ExcludedContentTypes defines the list of content
@@ -175,40 +187,40 @@ spec:
                       type: string
                     type: array
                   minResponseBodyBytes:
-                    description: 'MinResponseBodyBytes defines the minimum amount
-                      of bytes a response body must have to be compressed. Default:
-                      1024.'
+                    description: |-
+                      MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
+                      Default: 1024.
                     type: integer
                 type: object
               contentType:
-                description: ContentType holds the content-type middleware configuration.
-                  This middleware exists to enable the correct behavior until at least
-                  the default one can be changed in a future version.
+                description: |-
+                  ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
                 properties:
                   autoDetect:
-                    description: AutoDetect specifies whether to let the `Content-Type`
-                      header, if it has not been set by the backend, be automatically
-                      set to a value derived from the contents of the response. As
-                      a proxy, the default behavior should be to leave the header
-                      alone, regardless of what the backend did with it. However,
-                      the historic default was to always auto-detect and set the header
-                      if it was nil, and it is going to be kept that way in order
-                      to support users currently relying on it.
+                    description: |-
+                      AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
+                      be automatically set to a value derived from the contents of the response.
+                      As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
+                      However, the historic default was to always auto-detect and set the header if it was nil,
+                      and it is going to be kept that way in order to support users currently relying on it.
                     type: boolean
                 type: object
               digestAuth:
-                description: 'DigestAuth holds the digest auth middleware configuration.
+                description: |-
+                  DigestAuth holds the digest auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
                 properties:
                   headerField:
-                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    description: |-
+                      HeaderField defines a header field to store the authenticated user.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
                     type: string
                   realm:
-                    description: 'Realm allows the protected resources on a server
-                      to be partitioned into a set of protection spaces, each with
-                      its own authentication scheme. Default: traefik.'
+                    description: |-
+                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+                      Default: traefik.
                     type: string
                   removeHeader:
                     description: RemoveHeader defines whether to remove the authorization
@@ -220,18 +232,20 @@ spec:
                     type: string
                 type: object
               errors:
-                description: 'ErrorPage holds the custom error middleware configuration.
-                  This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                description: |-
+                  ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
                 properties:
                   query:
-                    description: Query defines the URL for the error page (hosted
-                      by service). The {status} variable can be used in order to insert
-                      the status code in the URL.
+                    description: |-
+                      Query defines the URL for the error page (hosted by service).
+                      The {status} variable can be used in order to insert the status code in the URL.
                     type: string
                   service:
-                    description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                    description: |-
+                      Service defines the reference to a Kubernetes Service that will serve the error page.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
                     properties:
                       kind:
                         description: Kind defines the kind of the Service.
@@ -240,31 +254,32 @@ spec:
                         - TraefikService
                         type: string
                       name:
-                        description: Name defines the name of the referenced Kubernetes
-                          Service or TraefikService. The differentiation between the
-                          two is specified in the Kind field.
+                        description: |-
+                          Name defines the name of the referenced Kubernetes Service or TraefikService.
+                          The differentiation between the two is specified in the Kind field.
                         type: string
                       namespace:
                         description: Namespace defines the namespace of the referenced
                           Kubernetes Service or TraefikService.
                         type: string
                       nativeLB:
-                        description: NativeLB controls, when creating the load-balancer,
-                          whether the LB's children are directly the pods IPs or if
-                          the only child is the Kubernetes Service clusterIP. The
-                          Kubernetes Service itself does load-balance to the pods.
+                        description: |-
+                          NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                          The Kubernetes Service itself does load-balance to the pods.
                           By default, NativeLB is false.
                         type: boolean
                       passHostHeader:
-                        description: PassHostHeader defines whether the client Host
-                          header is forwarded to the upstream Kubernetes Service.
+                        description: |-
+                          PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                           By default, passHostHeader is true.
                         type: boolean
                       port:
                         anyOf:
                         - type: integer
                         - type: string
-                        description: Port defines the port of a Kubernetes Service.
+                        description: |-
+                          Port defines the port of a Kubernetes Service.
                           This can be a reference to a named port.
                         x-kubernetes-int-or-string: true
                       responseForwarding:
@@ -273,29 +288,29 @@ spec:
                           client.
                         properties:
                           flushInterval:
-                            description: 'FlushInterval defines the interval, in milliseconds,
-                              in between flushes to the client while copying the response
-                              body. A negative value means to flush immediately after
-                              each write to the client. This configuration is ignored
-                              when ReverseProxy recognizes a response as a streaming
-                              response; for such responses, writes are flushed to
-                              the client immediately. Default: 100ms'
+                            description: |-
+                              FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                              A negative value means to flush immediately after each write to the client.
+                              This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                              for such responses, writes are flushed to the client immediately.
+                              Default: 100ms
                             type: string
                         type: object
                       scheme:
-                        description: Scheme defines the scheme to use for the request
-                          to the upstream Kubernetes Service. It defaults to https
-                          when Kubernetes Service port is 443, http otherwise.
+                        description: |-
+                          Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                          It defaults to https when Kubernetes Service port is 443, http otherwise.
                         type: string
                       serversTransport:
-                        description: ServersTransport defines the name of ServersTransport
-                          resource to use. It allows to configure the transport between
-                          Traefik and your servers. Can only be used on a Kubernetes
-                          Service.
+                        description: |-
+                          ServersTransport defines the name of ServersTransport resource to use.
+                          It allows to configure the transport between Traefik and your servers.
+                          Can only be used on a Kubernetes Service.
                         type: string
                       sticky:
-                        description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                        description: |-
+                          Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                         properties:
                           cookie:
                             description: Cookie defines the sticky cookie configuration.
@@ -308,8 +323,9 @@ spec:
                                 description: Name defines the Cookie name.
                                 type: string
                               sameSite:
-                                description: 'SameSite defines the same site policy.
-                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                description: |-
+                                  SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                 type: string
                               secure:
                                 description: Secure defines whether the cookie can
@@ -319,40 +335,42 @@ spec:
                             type: object
                         type: object
                       strategy:
-                        description: Strategy defines the load balancing strategy
-                          between the servers. RoundRobin is the only supported value
-                          at the moment.
+                        description: |-
+                          Strategy defines the load balancing strategy between the servers.
+                          RoundRobin is the only supported value at the moment.
                         type: string
                       weight:
-                        description: Weight defines the weight and should only be
-                          specified when Name references a TraefikService object (and
-                          to be precise, one that embeds a Weighted Round Robin).
+                        description: |-
+                          Weight defines the weight and should only be specified when Name references a TraefikService object
+                          (and to be precise, one that embeds a Weighted Round Robin).
                         type: integer
                     required:
                     - name
                     type: object
                   status:
-                    description: Status defines which status or range of statuses
-                      should result in an error page. It can be either a status code
-                      as a number (500), as multiple comma-separated numbers (500,502),
-                      as ranges by separating two codes with a dash (500-599), or
-                      a combination of the two (404,418,500-599).
+                    description: |-
+                      Status defines which status or range of statuses should result in an error page.
+                      It can be either a status code as a number (500),
+                      as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599),
+                      or a combination of the two (404,418,500-599).
                     items:
                       type: string
                     type: array
                 type: object
               forwardAuth:
-                description: 'ForwardAuth holds the forward auth middleware configuration.
+                description: |-
+                  ForwardAuth holds the forward auth middleware configuration.
                   This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
                 properties:
                   address:
                     description: Address defines the authentication server address.
                     type: string
                   authRequestHeaders:
-                    description: AuthRequestHeaders defines the list of the headers
-                      to copy from the request to the authentication server. If not
-                      set or empty then all request headers are passed.
+                    description: |-
+                      AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
+                      If not set or empty then all request headers are passed.
                     items:
                       type: string
                     type: array
@@ -364,10 +382,9 @@ spec:
                       type: string
                     type: array
                   authResponseHeadersRegex:
-                    description: 'AuthResponseHeadersRegex defines the regex to match
-                      headers to copy from the authentication server response and
-                      set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                    description: |-
+                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
                     type: string
                   tls:
                     description: TLS defines the configuration used to secure the
@@ -376,14 +393,14 @@ spec:
                       caOptional:
                         type: boolean
                       caSecret:
-                        description: CASecret is the name of the referenced Kubernetes
-                          Secret containing the CA to validate the server certificate.
+                        description: |-
+                          CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
                           The CA certificate is extracted from key `tls.ca` or `ca.crt`.
                         type: string
                       certSecret:
-                        description: CertSecret is the name of the referenced Kubernetes
-                          Secret containing the client certificate. The client certificate
-                          is extracted from the keys `tls.crt` and `tls.key`.
+                        description: |-
+                          CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
+                          The client certificate is extracted from the keys `tls.crt` and `tls.key`.
                         type: string
                       insecureSkipVerify:
                         description: InsecureSkipVerify defines whether the server
@@ -396,9 +413,10 @@ spec:
                     type: boolean
                 type: object
               headers:
-                description: 'Headers holds the headers middleware configuration.
-                  This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                description: |-
+                  Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
                 properties:
                   accessControlAllowCredentials:
                     description: AccessControlAllowCredentials defines whether the
@@ -463,12 +481,14 @@ spec:
                       header with the nosniff value.
                     type: boolean
                   customBrowserXSSValue:
-                    description: CustomBrowserXSSValue defines the X-XSS-Protection
-                      header value. This overrides the BrowserXssFilter option.
+                    description: |-
+                      CustomBrowserXSSValue defines the X-XSS-Protection header value.
+                      This overrides the BrowserXssFilter option.
                     type: string
                   customFrameOptionsValue:
-                    description: CustomFrameOptionsValue defines the X-Frame-Options
-                      header value. This overrides the FrameDeny option.
+                    description: |-
+                      CustomFrameOptionsValue defines the X-Frame-Options header value.
+                      This overrides the FrameDeny option.
                     type: string
                   customRequestHeaders:
                     additionalProperties:
@@ -500,25 +520,25 @@ spec:
                       type: string
                     type: array
                   isDevelopment:
-                    description: IsDevelopment defines whether to mitigate the unwanted
-                      effects of the AllowedHosts, SSL, and STS options when developing.
-                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
-                      not your production domain. If you would like your development
-                      environment to mimic production with complete Host blocking,
-                      SSL redirects, and STS headers, leave this as false.
+                    description: |-
+                      IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
+                      If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
+                      and STS headers, leave this as false.
                     type: boolean
                   permissionsPolicy:
-                    description: PermissionsPolicy defines the Permissions-Policy
-                      header value. This allows sites to control browser features.
+                    description: |-
+                      PermissionsPolicy defines the Permissions-Policy header value.
+                      This allows sites to control browser features.
                     type: string
                   publicKey:
                     description: PublicKey is the public key that implements HPKP
                       to prevent MITM attacks with forged certificates.
                     type: string
                   referrerPolicy:
-                    description: ReferrerPolicy defines the Referrer-Policy header
-                      value. This allows sites to control whether browsers forward
-                      the Referer header to other sites.
+                    description: |-
+                      ReferrerPolicy defines the Referrer-Policy header value.
+                      This allows sites to control whether browsers forward the Referer header to other sites.
                     type: string
                   sslForceHost:
                     description: 'Deprecated: use RedirectRegex instead.'
@@ -529,10 +549,9 @@ spec:
                   sslProxyHeaders:
                     additionalProperties:
                       type: string
-                    description: 'SSLProxyHeaders defines the header keys with associated
-                      values that would indicate a valid HTTPS request. It can be
-                      useful when using other proxies (example: "X-Forwarded-Proto":
-                      "https").'
+                    description: |-
+                      SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
+                      It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
                     type: object
                   sslRedirect:
                     description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@@ -551,33 +570,35 @@ spec:
                       to the Strict-Transport-Security header.
                     type: boolean
                   stsSeconds:
-                    description: STSSeconds defines the max-age of the Strict-Transport-Security
-                      header. If set to 0, the header is not set.
+                    description: |-
+                      STSSeconds defines the max-age of the Strict-Transport-Security header.
+                      If set to 0, the header is not set.
                     format: int64
                     type: integer
                 type: object
               inFlightReq:
-                description: 'InFlightReq holds the in-flight request middleware configuration.
-                  This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                description: |-
+                  InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and served concurrently.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
                 properties:
                   amount:
-                    description: Amount defines the maximum amount of allowed simultaneous
-                      in-flight request. The middleware responds with HTTP 429 Too
-                      Many Requests if there are already amount requests in progress
-                      (based on the same sourceCriterion strategy).
+                    description: |-
+                      Amount defines the maximum amount of allowed simultaneous in-flight request.
+                      The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
                     format: int64
                     type: integer
                   sourceCriterion:
-                    description: 'SourceCriterion defines what criterion is used to
-                      group requests as originating from a common source. If several
-                      strategies are defined at the same time, an error will be raised.
-                      If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                    description: |-
+                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
+                      If several strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
                     properties:
                       ipStrategy:
-                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        description: |-
+                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -602,14 +623,16 @@ spec:
                         type: boolean
                     type: object
                 type: object
-              ipWhiteList:
-                description: 'IPWhiteList holds the IP whitelist middleware configuration.
-                  This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+              ipAllowList:
+                description: |-
+                  IPAllowList holds the IP allowlist middleware configuration.
+                  This middleware limits allowed requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
                 properties:
                   ipStrategy:
-                    description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                    description: |-
+                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -630,10 +653,42 @@ spec:
                       type: string
                     type: array
                 type: object
+              ipWhiteList:
+                description: |-
+                  IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware limits allowed requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+                  Deprecated: please use IPAllowList instead.
+                properties:
+                  ipStrategy:
+                    description: |-
+                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation). Required.
+                    items:
+                      type: string
+                    type: array
+                type: object
               passTLSClientCert:
-                description: 'PassTLSClientCert holds the pass TLS client cert middleware
-                  configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                description: |-
+                  PassTLSClientCert holds the pass TLS client cert middleware configuration.
+                  This middleware adds the selected data from the passed client TLS certificate to a header.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
                 properties:
                   info:
                     description: Info selects the specific client certificate details
@@ -734,46 +789,48 @@ spec:
               plugin:
                 additionalProperties:
                   x-kubernetes-preserve-unknown-fields: true
-                description: 'Plugin defines the middleware plugin configuration.
-                  More info: https://doc.traefik.io/traefik/plugins/'
+                description: |-
+                  Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/
                 type: object
               rateLimit:
-                description: 'RateLimit holds the rate limit configuration. This middleware
-                  ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                description: |-
+                  RateLimit holds the rate limit configuration.
+                  This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
                 properties:
                   average:
-                    description: Average is the maximum rate, by default in requests/s,
-                      allowed for the given source. It defaults to 0, which means
-                      no rate limiting. The rate is actually defined by dividing Average
-                      by Period. So for a rate below 1req/s, one needs to define a
-                      Period larger than a second.
+                    description: |-
+                      Average is the maximum rate, by default in requests/s, allowed for the given source.
+                      It defaults to 0, which means no rate limiting.
+                      The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
+                      one needs to define a Period larger than a second.
                     format: int64
                     type: integer
                   burst:
-                    description: Burst is the maximum number of requests allowed to
-                      arrive in the same arbitrarily small period of time. It defaults
-                      to 1.
+                    description: |-
+                      Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
+                      It defaults to 1.
                     format: int64
                     type: integer
                   period:
                     anyOf:
                     - type: integer
                     - type: string
-                    description: 'Period, in combination with Average, defines the
-                      actual maximum rate, such as: r = Average / Period. It defaults
-                      to a second.'
+                    description: |-
+                      Period, in combination with Average, defines the actual maximum rate, such as:
+                      r = Average / Period. It defaults to a second.
                     x-kubernetes-int-or-string: true
                   sourceCriterion:
-                    description: SourceCriterion defines what criterion is used to
-                      group requests as originating from a common source. If several
-                      strategies are defined at the same time, an error will be raised.
-                      If none are set, the default is to use the request's remote
-                      address field (as an ipStrategy).
+                    description: |-
+                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
+                      If several strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote address field (as an ipStrategy).
                     properties:
                       ipStrategy:
-                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        description: |-
+                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -799,9 +856,10 @@ spec:
                     type: object
                 type: object
               redirectRegex:
-                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                description: |-
+                  RedirectRegex holds the redirect regex middleware configuration.
                   This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -817,9 +875,10 @@ spec:
                     type: string
                 type: object
               redirectScheme:
-                description: 'RedirectScheme holds the redirect scheme middleware
-                  configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                description: |-
+                  RedirectScheme holds the redirect scheme middleware configuration.
+                  This middleware redirects requests from a scheme/port to another.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -833,9 +892,10 @@ spec:
                     type: string
                 type: object
               replacePath:
-                description: 'ReplacePath holds the replace path middleware configuration.
-                  This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                description: |-
+                  ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
                 properties:
                   path:
                     description: Path defines the path to use as replacement in the
@@ -843,9 +903,10 @@ spec:
                     type: string
                 type: object
               replacePathRegex:
-                description: 'ReplacePathRegex holds the replace path regex middleware
-                  configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                description: |-
+                  ReplacePathRegex holds the replace path regex middleware configuration.
+                  This middleware replaces the path of a URL using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
                 properties:
                   regex:
                     description: Regex defines the regular expression used to match
@@ -857,11 +918,11 @@ spec:
                     type: string
                 type: object
               retry:
-                description: 'Retry holds the retry middleware configuration. This
-                  middleware reissues requests a given number of times to a backend
-                  server if that server does not reply. As soon as the server answers,
-                  the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                description: |-
+                  Retry holds the retry middleware configuration.
+                  This middleware reissues requests a given number of times to a backend server if that server does not reply.
+                  As soon as the server answers, the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
                 properties:
                   attempts:
                     description: Attempts defines how many times the request should
@@ -871,22 +932,24 @@ spec:
                     anyOf:
                     - type: integer
                     - type: string
-                    description: InitialInterval defines the first wait time in the
-                      exponential backoff series. The maximum interval is calculated
-                      as twice the initialInterval. If unspecified, requests will
-                      be retried immediately. The value of initialInterval should
-                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    description: |-
+                      InitialInterval defines the first wait time in the exponential backoff series.
+                      The maximum interval is calculated as twice the initialInterval.
+                      If unspecified, requests will be retried immediately.
+                      The value of initialInterval should be provided in seconds or as a valid duration format,
+                      see https://pkg.go.dev/time#ParseDuration.
                     x-kubernetes-int-or-string: true
                 type: object
               stripPrefix:
-                description: 'StripPrefix holds the strip prefix middleware configuration.
+                description: |-
+                  StripPrefix holds the strip prefix middleware configuration.
                   This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
                 properties:
                   forceSlash:
-                    description: 'ForceSlash ensures that the resulting stripped path
-                      is not the empty string, by replacing it with / when necessary.
-                      Default: true.'
+                    description: |-
+                      ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
+                      Default: true.
                     type: boolean
                   prefixes:
                     description: Prefixes defines the prefixes to strip from the request
@@ -896,9 +959,10 @@ spec:
                     type: array
                 type: object
               stripPrefixRegex:
-                description: 'StripPrefixRegex holds the strip prefix regex middleware
-                  configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                description: |-
+                  StripPrefixRegex holds the strip prefix regex middleware configuration.
+                  This middleware removes the matching prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
                 properties:
                   regex:
                     description: Regex defines the regular expression to match the

docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: middlewaretcps.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -17,18 +17,24 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+        description: |-
+          MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -39,14 +45,31 @@ spec:
                 description: InFlightConn defines the InFlightConn middleware configuration.
                 properties:
                   amount:
-                    description: Amount defines the maximum amount of allowed simultaneous
-                      connections. The middleware closes the connection if there are
-                      already amount connections opened.
+                    description: |-
+                      Amount defines the maximum amount of allowed simultaneous connections.
+                      The middleware closes the connection if there are already amount connections opened.
                     format: int64
                     type: integer
                 type: object
+              ipAllowList:
+                description: |-
+                  IPAllowList defines the IPAllowList middleware configuration.
+                  This middleware accepts/refuses connections based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
               ipWhiteList:
-                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                description: |-
+                  IPWhiteList defines the IPWhiteList middleware configuration.
+                  This middleware accepts/refuses connections based on the client IP.
+                  Deprecated: please use IPAllowList instead.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
                 properties:
                   sourceRange:
                     description: SourceRange defines the allowed IPs (or ranges of

docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: serverstransports.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -17,20 +17,26 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+        description: |-
+          ServersTransport is the CRD implementation of a ServersTransport.
           If no serversTransport is specified, the default@internal will be used.
           The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object

docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: tlsoptions.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -17,19 +17,24 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
-          allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+        description: |-
+          TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
+          More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -37,15 +42,16 @@ spec:
             description: TLSOptionSpec defines the desired state of a TLSOption.
             properties:
               alpnProtocols:
-                description: 'ALPNProtocols defines the list of supported application
-                  level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                description: |-
+                  ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
                 items:
                   type: string
                 type: array
               cipherSuites:
-                description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                description: |-
+                  CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
                 items:
                   type: string
                 type: array
@@ -71,26 +77,29 @@ spec:
                     type: array
                 type: object
               curvePreferences:
-                description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                description: |-
+                  CurvePreferences defines the preferred elliptic curves in a specific order.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
                 items:
                   type: string
                 type: array
               maxVersion:
-                description: 'MaxVersion defines the maximum TLS version that Traefik
-                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
-                  VersionTLS13. Default: None.'
+                description: |-
+                  MaxVersion defines the maximum TLS version that Traefik will accept.
+                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+                  Default: None.
                 type: string
               minVersion:
-                description: 'MinVersion defines the minimum TLS version that Traefik
-                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
-                  VersionTLS13. Default: VersionTLS10.'
+                description: |-
+                  MinVersion defines the minimum TLS version that Traefik will accept.
+                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+                  Default: VersionTLS10.
                 type: string
               preferServerCipherSuites:
-                description: 'PreferServerCipherSuites defines whether the server
-                  chooses a cipher suite among his own instead of among the client''s.
+                description: |-
+                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                   It is enabled automatically when minVersion or maxVersion is set.
-                  Deprecated: https://github.com/golang/go/issues/45430'
+                  Deprecated: https://github.com/golang/go/issues/45430
                 type: boolean
               sniStrict:
                 description: SniStrict defines whether Traefik allows connections

docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: tlsstores.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -17,20 +17,26 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
-          the time being, only the TLSStore named default is supported. This means
-          that you cannot have two stores that are named default in different Kubernetes
-          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+        description: |-
+          TLSStore is the CRD implementation of a Traefik TLS Store.
+          For the time being, only the TLSStore named default is supported.
+          This means that you cannot have two stores that are named default in different Kubernetes namespaces.
+          More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object

docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: traefikservices.traefik.containo.us
 spec:
   group: traefik.containo.us
@@ -17,19 +17,27 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'TraefikService is the CRD implementation of a Traefik Service.
-          TraefikService object allows to: - Apply weight to Services on load-balancing
-          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+        description: |-
+          TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to:
+          - Apply weight to Services on load-balancing
+          - Mirror traffic on services
+          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -46,10 +54,10 @@ spec:
                     - TraefikService
                     type: string
                   maxBodySize:
-                    description: MaxBodySize defines the maximum size allowed for
-                      the body of the request. If the body is larger, the request
-                      is not mirrored. Default value is -1, which means unlimited
-                      size.
+                    description: |-
+                      MaxBodySize defines the maximum size allowed for the body of the request.
+                      If the body is larger, the request is not mirrored.
+                      Default value is -1, which means unlimited size.
                     format: int64
                     type: integer
                   mirrors:
@@ -65,35 +73,37 @@ spec:
                           - TraefikService
                           type: string
                         name:
-                          description: Name defines the name of the referenced Kubernetes
-                            Service or TraefikService. The differentiation between
-                            the two is specified in the Kind field.
+                          description: |-
+                            Name defines the name of the referenced Kubernetes Service or TraefikService.
+                            The differentiation between the two is specified in the Kind field.
                           type: string
                         namespace:
                           description: Namespace defines the namespace of the referenced
                             Kubernetes Service or TraefikService.
                           type: string
                         nativeLB:
-                          description: NativeLB controls, when creating the load-balancer,
-                            whether the LB's children are directly the pods IPs or
-                            if the only child is the Kubernetes Service clusterIP.
-                            The Kubernetes Service itself does load-balance to the
-                            pods. By default, NativeLB is false.
+                          description: |-
+                            NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the pods.
+                            By default, NativeLB is false.
                           type: boolean
                         passHostHeader:
-                          description: PassHostHeader defines whether the client Host
-                            header is forwarded to the upstream Kubernetes Service.
+                          description: |-
+                            PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                             By default, passHostHeader is true.
                           type: boolean
                         percent:
-                          description: 'Percent defines the part of the traffic to
-                            mirror. Supported values: 0 to 100.'
+                          description: |-
+                            Percent defines the part of the traffic to mirror.
+                            Supported values: 0 to 100.
                           type: integer
                         port:
                           anyOf:
                           - type: integer
                           - type: string
-                          description: Port defines the port of a Kubernetes Service.
+                          description: |-
+                            Port defines the port of a Kubernetes Service.
                             This can be a reference to a named port.
                           x-kubernetes-int-or-string: true
                         responseForwarding:
@@ -102,30 +112,29 @@ spec:
                             client.
                           properties:
                             flushInterval:
-                              description: 'FlushInterval defines the interval, in
-                                milliseconds, in between flushes to the client while
-                                copying the response body. A negative value means
-                                to flush immediately after each write to the client.
-                                This configuration is ignored when ReverseProxy recognizes
-                                a response as a streaming response; for such responses,
-                                writes are flushed to the client immediately. Default:
-                                100ms'
+                              description: |-
+                                FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                A negative value means to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                for such responses, writes are flushed to the client immediately.
+                                Default: 100ms
                               type: string
                           type: object
                         scheme:
-                          description: Scheme defines the scheme to use for the request
-                            to the upstream Kubernetes Service. It defaults to https
-                            when Kubernetes Service port is 443, http otherwise.
+                          description: |-
+                            Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                            It defaults to https when Kubernetes Service port is 443, http otherwise.
                           type: string
                         serversTransport:
-                          description: ServersTransport defines the name of ServersTransport
-                            resource to use. It allows to configure the transport
-                            between Traefik and your servers. Can only be used on
-                            a Kubernetes Service.
+                          description: |-
+                            ServersTransport defines the name of ServersTransport resource to use.
+                            It allows to configure the transport between Traefik and your servers.
+                            Can only be used on a Kubernetes Service.
                           type: string
                         sticky:
-                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          description: |-
+                            Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -138,8 +147,9 @@ spec:
                                   description: Name defines the Cookie name.
                                   type: string
                                 sameSite:
-                                  description: 'SameSite defines the same site policy.
-                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  description: |-
+                                    SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                   type: string
                                 secure:
                                   description: Secure defines whether the cookie can
@@ -149,13 +159,13 @@ spec:
                               type: object
                           type: object
                         strategy:
-                          description: Strategy defines the load balancing strategy
-                            between the servers. RoundRobin is the only supported
-                            value at the moment.
+                          description: |-
+                            Strategy defines the load balancing strategy between the servers.
+                            RoundRobin is the only supported value at the moment.
                           type: string
                         weight:
-                          description: Weight defines the weight and should only be
-                            specified when Name references a TraefikService object
+                          description: |-
+                            Weight defines the weight and should only be specified when Name references a TraefikService object
                             (and to be precise, one that embeds a Weighted Round Robin).
                           type: integer
                       required:
@@ -163,60 +173,62 @@ spec:
                       type: object
                     type: array
                   name:
-                    description: Name defines the name of the referenced Kubernetes
-                      Service or TraefikService. The differentiation between the two
-                      is specified in the Kind field.
+                    description: |-
+                      Name defines the name of the referenced Kubernetes Service or TraefikService.
+                      The differentiation between the two is specified in the Kind field.
                     type: string
                   namespace:
                     description: Namespace defines the namespace of the referenced
                       Kubernetes Service or TraefikService.
                     type: string
                   nativeLB:
-                    description: NativeLB controls, when creating the load-balancer,
-                      whether the LB's children are directly the pods IPs or if the
-                      only child is the Kubernetes Service clusterIP. The Kubernetes
-                      Service itself does load-balance to the pods. By default, NativeLB
-                      is false.
+                    description: |-
+                      NativeLB controls, when creating the load-balancer,
+                      whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                      The Kubernetes Service itself does load-balance to the pods.
+                      By default, NativeLB is false.
                     type: boolean
                   passHostHeader:
-                    description: PassHostHeader defines whether the client Host header
-                      is forwarded to the upstream Kubernetes Service. By default,
-                      passHostHeader is true.
+                    description: |-
+                      PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+                      By default, passHostHeader is true.
                     type: boolean
                   port:
                     anyOf:
                     - type: integer
                     - type: string
-                    description: Port defines the port of a Kubernetes Service. This
-                      can be a reference to a named port.
+                    description: |-
+                      Port defines the port of a Kubernetes Service.
+                      This can be a reference to a named port.
                     x-kubernetes-int-or-string: true
                   responseForwarding:
                     description: ResponseForwarding defines how Traefik forwards the
                       response from the upstream Kubernetes Service to the client.
                     properties:
                       flushInterval:
-                        description: 'FlushInterval defines the interval, in milliseconds,
-                          in between flushes to the client while copying the response
-                          body. A negative value means to flush immediately after
-                          each write to the client. This configuration is ignored
-                          when ReverseProxy recognizes a response as a streaming response;
+                        description: |-
+                          FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                          A negative value means to flush immediately after each write to the client.
+                          This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
                           for such responses, writes are flushed to the client immediately.
-                          Default: 100ms'
+                          Default: 100ms
                         type: string
                     type: object
                   scheme:
-                    description: Scheme defines the scheme to use for the request
-                      to the upstream Kubernetes Service. It defaults to https when
-                      Kubernetes Service port is 443, http otherwise.
+                    description: |-
+                      Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                      It defaults to https when Kubernetes Service port is 443, http otherwise.
                     type: string
                   serversTransport:
-                    description: ServersTransport defines the name of ServersTransport
-                      resource to use. It allows to configure the transport between
-                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    description: |-
+                      ServersTransport defines the name of ServersTransport resource to use.
+                      It allows to configure the transport between Traefik and your servers.
+                      Can only be used on a Kubernetes Service.
                     type: string
                   sticky:
-                    description: 'Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                    description: |-
+                      Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.
@@ -229,8 +241,9 @@ spec:
                             description: Name defines the Cookie name.
                             type: string
                           sameSite:
-                            description: 'SameSite defines the same site policy. More
-                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            description: |-
+                              SameSite defines the same site policy.
+                              More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                             type: string
                           secure:
                             description: Secure defines whether the cookie can only
@@ -239,13 +252,14 @@ spec:
                         type: object
                     type: object
                   strategy:
-                    description: Strategy defines the load balancing strategy between
-                      the servers. RoundRobin is the only supported value at the moment.
+                    description: |-
+                      Strategy defines the load balancing strategy between the servers.
+                      RoundRobin is the only supported value at the moment.
                     type: string
                   weight:
-                    description: Weight defines the weight and should only be specified
-                      when Name references a TraefikService object (and to be precise,
-                      one that embeds a Weighted Round Robin).
+                    description: |-
+                      Weight defines the weight and should only be specified when Name references a TraefikService object
+                      (and to be precise, one that embeds a Weighted Round Robin).
                     type: integer
                 required:
                 - name
@@ -267,31 +281,32 @@ spec:
                           - TraefikService
                           type: string
                         name:
-                          description: Name defines the name of the referenced Kubernetes
-                            Service or TraefikService. The differentiation between
-                            the two is specified in the Kind field.
+                          description: |-
+                            Name defines the name of the referenced Kubernetes Service or TraefikService.
+                            The differentiation between the two is specified in the Kind field.
                           type: string
                         namespace:
                           description: Namespace defines the namespace of the referenced
                             Kubernetes Service or TraefikService.
                           type: string
                         nativeLB:
-                          description: NativeLB controls, when creating the load-balancer,
-                            whether the LB's children are directly the pods IPs or
-                            if the only child is the Kubernetes Service clusterIP.
-                            The Kubernetes Service itself does load-balance to the
-                            pods. By default, NativeLB is false.
+                          description: |-
+                            NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the pods.
+                            By default, NativeLB is false.
                           type: boolean
                         passHostHeader:
-                          description: PassHostHeader defines whether the client Host
-                            header is forwarded to the upstream Kubernetes Service.
+                          description: |-
+                            PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                             By default, passHostHeader is true.
                           type: boolean
                         port:
                           anyOf:
                           - type: integer
                           - type: string
-                          description: Port defines the port of a Kubernetes Service.
+                          description: |-
+                            Port defines the port of a Kubernetes Service.
                             This can be a reference to a named port.
                           x-kubernetes-int-or-string: true
                         responseForwarding:
@@ -300,30 +315,29 @@ spec:
                             client.
                           properties:
                             flushInterval:
-                              description: 'FlushInterval defines the interval, in
-                                milliseconds, in between flushes to the client while
-                                copying the response body. A negative value means
-                                to flush immediately after each write to the client.
-                                This configuration is ignored when ReverseProxy recognizes
-                                a response as a streaming response; for such responses,
-                                writes are flushed to the client immediately. Default:
-                                100ms'
+                              description: |-
+                                FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                A negative value means to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                for such responses, writes are flushed to the client immediately.
+                                Default: 100ms
                               type: string
                           type: object
                         scheme:
-                          description: Scheme defines the scheme to use for the request
-                            to the upstream Kubernetes Service. It defaults to https
-                            when Kubernetes Service port is 443, http otherwise.
+                          description: |-
+                            Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                            It defaults to https when Kubernetes Service port is 443, http otherwise.
                           type: string
                         serversTransport:
-                          description: ServersTransport defines the name of ServersTransport
-                            resource to use. It allows to configure the transport
-                            between Traefik and your servers. Can only be used on
-                            a Kubernetes Service.
+                          description: |-
+                            ServersTransport defines the name of ServersTransport resource to use.
+                            It allows to configure the transport between Traefik and your servers.
+                            Can only be used on a Kubernetes Service.
                           type: string
                         sticky:
-                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          description: |-
+                            Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -336,8 +350,9 @@ spec:
                                   description: Name defines the Cookie name.
                                   type: string
                                 sameSite:
-                                  description: 'SameSite defines the same site policy.
-                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  description: |-
+                                    SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                   type: string
                                 secure:
                                   description: Secure defines whether the cookie can
@@ -347,13 +362,13 @@ spec:
                               type: object
                           type: object
                         strategy:
-                          description: Strategy defines the load balancing strategy
-                            between the servers. RoundRobin is the only supported
-                            value at the moment.
+                          description: |-
+                            Strategy defines the load balancing strategy between the servers.
+                            RoundRobin is the only supported value at the moment.
                           type: string
                         weight:
-                          description: Weight defines the weight and should only be
-                            specified when Name references a TraefikService object
+                          description: |-
+                            Weight defines the weight and should only be specified when Name references a TraefikService object
                             (and to be precise, one that embeds a Weighted Round Robin).
                           type: integer
                       required:
@@ -361,8 +376,9 @@ spec:
                       type: object
                     type: array
                   sticky:
-                    description: 'Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    description: |-
+                      Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.
@@ -375,8 +391,9 @@ spec:
                             description: Name defines the Cookie name.
                             type: string
                           sameSite:
-                            description: 'SameSite defines the same site policy. More
-                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            description: |-
+                              SameSite defines the same site policy.
+                              More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                             type: string
                           secure:
                             description: Secure defines whether the cookie can only

docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ingressroutes.traefik.io
 spec:
   group: traefik.io
@@ -20,14 +20,19 @@ spec:
         description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -35,10 +40,11 @@ spec:
             description: IngressRouteSpec defines the desired state of IngressRoute.
             properties:
               entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                 items:
                   type: string
                 type: array
@@ -48,17 +54,21 @@ spec:
                   description: Route holds the HTTP route configuration.
                   properties:
                     kind:
-                      description: Kind defines the kind of the route. Rule is the
-                        only supported kind.
+                      description: |-
+                        Kind defines the kind of the route.
+                        Rule is the only supported kind.
                       enum:
                       - Rule
                       type: string
                     match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      description: |-
+                        Match defines the router's rule.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule
                       type: string
                     middlewares:
-                      description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      description: |-
+                        Middlewares defines the list of references to Middleware resources.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware
                       items:
                         description: MiddlewareRef is a reference to a Middleware
                           resource.
@@ -76,13 +86,14 @@ spec:
                         type: object
                       type: array
                     priority:
-                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      description: |-
+                        Priority defines the router's priority.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority
                       type: integer
                     services:
-                      description: Services defines the list of Service. It can contain
-                        any combination of TraefikService and/or reference to a Kubernetes
-                        Service.
+                      description: |-
+                        Services defines the list of Service.
+                        It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
                       items:
                         description: Service defines an upstream HTTP service to proxy
                           traffic to.
@@ -94,31 +105,32 @@ spec:
                             - TraefikService
                             type: string
                           name:
-                            description: Name defines the name of the referenced Kubernetes
-                              Service or TraefikService. The differentiation between
-                              the two is specified in the Kind field.
+                            description: |-
+                              Name defines the name of the referenced Kubernetes Service or TraefikService.
+                              The differentiation between the two is specified in the Kind field.
                             type: string
                           namespace:
                             description: Namespace defines the namespace of the referenced
                               Kubernetes Service or TraefikService.
                             type: string
                           nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                             type: boolean
                           passHostHeader:
-                            description: PassHostHeader defines whether the client
-                              Host header is forwarded to the upstream Kubernetes
-                              Service. By default, passHostHeader is true.
+                            description: |-
+                              PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+                              By default, passHostHeader is true.
                             type: boolean
                           port:
                             anyOf:
                             - type: integer
                             - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                               This can be a reference to a named port.
                             x-kubernetes-int-or-string: true
                           responseForwarding:
@@ -127,30 +139,29 @@ spec:
                               the client.
                             properties:
                               flushInterval:
-                                description: 'FlushInterval defines the interval,
-                                  in milliseconds, in between flushes to the client
-                                  while copying the response body. A negative value
-                                  means to flush immediately after each write to the
-                                  client. This configuration is ignored when ReverseProxy
-                                  recognizes a response as a streaming response; for
-                                  such responses, writes are flushed to the client
-                                  immediately. Default: 100ms'
+                                description: |-
+                                  FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                  A negative value means to flush immediately after each write to the client.
+                                  This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                  for such responses, writes are flushed to the client immediately.
+                                  Default: 100ms
                                 type: string
                             type: object
                           scheme:
-                            description: Scheme defines the scheme to use for the
-                              request to the upstream Kubernetes Service. It defaults
-                              to https when Kubernetes Service port is 443, http otherwise.
+                            description: |-
+                              Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                              It defaults to https when Kubernetes Service port is 443, http otherwise.
                             type: string
                           serversTransport:
-                            description: ServersTransport defines the name of ServersTransport
-                              resource to use. It allows to configure the transport
-                              between Traefik and your servers. Can only be used on
-                              a Kubernetes Service.
+                            description: |-
+                              ServersTransport defines the name of ServersTransport resource to use.
+                              It allows to configure the transport between Traefik and your servers.
+                              Can only be used on a Kubernetes Service.
                             type: string
                           sticky:
-                            description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            description: |-
+                              Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                             properties:
                               cookie:
                                 description: Cookie defines the sticky cookie configuration.
@@ -164,8 +175,9 @@ spec:
                                     description: Name defines the Cookie name.
                                     type: string
                                   sameSite:
-                                    description: 'SameSite defines the same site policy.
-                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    description: |-
+                                      SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                     type: string
                                   secure:
                                     description: Secure defines whether the cookie
@@ -175,15 +187,14 @@ spec:
                                 type: object
                             type: object
                           strategy:
-                            description: Strategy defines the load balancing strategy
-                              between the servers. RoundRobin is the only supported
-                              value at the moment.
+                            description: |-
+                              Strategy defines the load balancing strategy between the servers.
+                              RoundRobin is the only supported value at the moment.
                             type: string
                           weight:
-                            description: Weight defines the weight and should only
-                              be specified when Name references a TraefikService object
-                              (and to be precise, one that embeds a Weighted Round
-                              Robin).
+                            description: |-
+                              Weight defines the weight and should only be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round Robin).
                             type: integer
                         required:
                         - name
@@ -195,16 +206,20 @@ spec:
                   type: object
                 type: array
               tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                description: |-
+                  TLS defines the TLS configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls
                 properties:
                   certResolver:
-                    description: 'CertResolver defines the name of the certificate
-                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    description: |-
+                      CertResolver defines the name of the certificate resolver to use.
+                      Cert resolvers have to be configured in the static configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
                     type: string
                   domains:
-                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    description: |-
+                      Domains defines the list of domains that will be used to issue certificates.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -220,17 +235,20 @@ spec:
                       type: object
                     type: array
                   options:
-                    description: 'Options defines the reference to a TLSOption, that
-                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    description: |-
+                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+                      If not defined, the `default` TLSOption is used.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
                     properties:
                       name:
-                        description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        description: |-
+                          Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
                         type: string
                       namespace:
-                        description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        description: |-
+                          Namespace defines the namespace of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
                         type: string
                     required:
                     - name
@@ -240,17 +258,19 @@ spec:
                       Secret to specify the certificate details.
                     type: string
                   store:
-                    description: Store defines the reference to the TLSStore, that
-                      will be used to store certificates. Please note that only `default`
-                      TLSStore can be used.
+                    description: |-
+                      Store defines the reference to the TLSStore, that will be used to store certificates.
+                      Please note that only `default` TLSStore can be used.
                     properties:
                       name:
-                        description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        description: |-
+                          Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
                         type: string
                       namespace:
-                        description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        description: |-
+                          Namespace defines the namespace of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
                         type: string
                     required:
                     - name

docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ingressroutetcps.traefik.io
 spec:
   group: traefik.io
@@ -20,14 +20,19 @@ spec:
         description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -35,10 +40,11 @@ spec:
             description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
             properties:
               entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                 items:
                   type: string
                 type: array
@@ -48,7 +54,9 @@ spec:
                   description: RouteTCP holds the TCP route configuration.
                   properties:
                     match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      description: |-
+                        Match defines the router's rule.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1
                       type: string
                     middlewares:
                       description: Middlewares defines the list of references to MiddlewareTCP
@@ -70,8 +78,9 @@ spec:
                         type: object
                       type: array
                     priority:
-                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      description: |-
+                        Priority defines the router's priority.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1
                       type: integer
                     services:
                       description: Services defines the list of TCP services.
@@ -88,22 +97,24 @@ spec:
                               Kubernetes Service.
                             type: string
                           nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                             type: boolean
                           port:
                             anyOf:
                             - type: integer
                             - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                               This can be a reference to a named port.
                             x-kubernetes-int-or-string: true
                           proxyProtocol:
-                            description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            description: |-
+                              ProxyProtocol defines the PROXY protocol configuration.
+                              More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol
                             properties:
                               version:
                                 description: Version defines the PROXY Protocol version
@@ -111,13 +122,12 @@ spec:
                                 type: integer
                             type: object
                           terminationDelay:
-                            description: TerminationDelay defines the deadline that
-                              the proxy sets, after one of its connected peers indicates
-                              it has closed the writing capability of its connection,
-                              to close the reading capability as well, hence fully
-                              terminating the connection. It is a duration in milliseconds,
-                              defaulting to 100. A negative value means an infinite
-                              deadline (i.e. the reading capability is never closed).
+                            description: |-
+                              TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection, to close the reading capability as well,
+                              hence fully terminating the connection.
+                              It is a duration in milliseconds, defaulting to 100.
+                              A negative value means an infinite deadline (i.e. the reading capability is never closed).
                             type: integer
                           weight:
                             description: Weight defines the weight used when balancing
@@ -133,17 +143,20 @@ spec:
                   type: object
                 type: array
               tls:
-                description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                description: |-
+                  TLS defines the TLS configuration on a layer 4 / TCP Route.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1
                 properties:
                   certResolver:
-                    description: 'CertResolver defines the name of the certificate
-                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    description: |-
+                      CertResolver defines the name of the certificate resolver to use.
+                      Cert resolvers have to be configured in the static configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
                     type: string
                   domains:
-                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    description: |-
+                      Domains defines the list of domains that will be used to issue certificates.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -159,9 +172,10 @@ spec:
                       type: object
                     type: array
                   options:
-                    description: 'Options defines the reference to a TLSOption, that
-                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    description: |-
+                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+                      If not defined, the `default` TLSOption is used.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
                     properties:
                       name:
                         description: Name defines the name of the referenced Traefik
@@ -183,9 +197,9 @@ spec:
                       Secret to specify the certificate details.
                     type: string
                   store:
-                    description: Store defines the reference to the TLSStore, that
-                      will be used to store certificates. Please note that only `default`
-                      TLSStore can be used.
+                    description: |-
+                      Store defines the reference to the TLSStore, that will be used to store certificates.
+                      Please note that only `default` TLSStore can be used.
                     properties:
                       name:
                         description: Name defines the name of the referenced Traefik

docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: ingressrouteudps.traefik.io
 spec:
   group: traefik.io
@@ -20,14 +20,19 @@ spec:
         description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -35,10 +40,11 @@ spec:
             description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
             properties:
               entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                 items:
                   type: string
                 type: array
@@ -62,17 +68,18 @@ spec:
                               Kubernetes Service.
                             type: string
                           nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                             type: boolean
                           port:
                             anyOf:
                             - type: integer
                             - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                               This can be a reference to a named port.
                             x-kubernetes-int-or-string: true
                           weight:

docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: middlewares.traefik.io
 spec:
   group: traefik.io
@@ -17,18 +17,24 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+        description: |-
+          Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -36,33 +42,37 @@ spec:
             description: MiddlewareSpec defines the desired state of a Middleware.
             properties:
               addPrefix:
-                description: 'AddPrefix holds the add prefix middleware configuration.
-                  This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                description: |-
+                  AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding it.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
                 properties:
                   prefix:
-                    description: Prefix is the string to add before the current path
-                      in the requested URL. It should include a leading slash (/).
+                    description: |-
+                      Prefix is the string to add before the current path in the requested URL.
+                      It should include a leading slash (/).
                     type: string
                 type: object
               basicAuth:
-                description: 'BasicAuth holds the basic auth middleware configuration.
+                description: |-
+                  BasicAuth holds the basic auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
                 properties:
                   headerField:
-                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    description: |-
+                      HeaderField defines a header field to store the authenticated user.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
                     type: string
                   realm:
-                    description: 'Realm allows the protected resources on a server
-                      to be partitioned into a set of protection spaces, each with
-                      its own authentication scheme. Default: traefik.'
+                    description: |-
+                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+                      Default: traefik.
                     type: string
                   removeHeader:
-                    description: 'RemoveHeader sets the removeHeader option to true
-                      to remove the authorization header before forwarding the request
-                      to your service. Default: false.'
+                    description: |-
+                      RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
+                      Default: false.
                     type: boolean
                   secret:
                     description: Secret is the name of the referenced Kubernetes Secret
@@ -70,48 +80,49 @@ spec:
                     type: string
                 type: object
               buffering:
-                description: 'Buffering holds the buffering middleware configuration.
-                  This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                description: |-
+                  Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can be forwarded to backends.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
                 properties:
                   maxRequestBodyBytes:
-                    description: 'MaxRequestBodyBytes defines the maximum allowed
-                      body size for the request (in bytes). If the request exceeds
-                      the allowed size, it is not forwarded to the service, and the
-                      client gets a 413 (Request Entity Too Large) response. Default:
-                      0 (no maximum).'
+                    description: |-
+                      MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
+                      If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
+                      Default: 0 (no maximum).
                     format: int64
                     type: integer
                   maxResponseBodyBytes:
-                    description: 'MaxResponseBodyBytes defines the maximum allowed
-                      response size from the service (in bytes). If the response exceeds
-                      the allowed size, it is not forwarded to the client. The client
-                      gets a 500 (Internal Server Error) response instead. Default:
-                      0 (no maximum).'
+                    description: |-
+                      MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
+                      If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
+                      Default: 0 (no maximum).
                     format: int64
                     type: integer
                   memRequestBodyBytes:
-                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
-                      from which the request will be buffered on disk instead of in
-                      memory. Default: 1048576 (1Mi).'
+                    description: |-
+                      MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
+                      Default: 1048576 (1Mi).
                     format: int64
                     type: integer
                   memResponseBodyBytes:
-                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
-                      from which the response will be buffered on disk instead of
-                      in memory. Default: 1048576 (1Mi).'
+                    description: |-
+                      MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
+                      Default: 1048576 (1Mi).
                     format: int64
                     type: integer
                   retryExpression:
-                    description: 'RetryExpression defines the retry conditions. It
-                      is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                    description: |-
+                      RetryExpression defines the retry conditions.
+                      It is a logical combination of functions with operators AND (&&) and OR (||).
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
                     type: string
                 type: object
               chain:
-                description: 'Chain holds the configuration of the chain middleware.
-                  This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                description: |-
+                  Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other pieces of middleware.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
                 properties:
                   middlewares:
                     description: Middlewares is the list of MiddlewareRef which composes
@@ -163,9 +174,10 @@ spec:
                     x-kubernetes-int-or-string: true
                 type: object
               compress:
-                description: 'Compress holds the compress middleware configuration.
-                  This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                description: |-
+                  Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the client, using gzip compression.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
                 properties:
                   excludedContentTypes:
                     description: ExcludedContentTypes defines the list of content
@@ -175,40 +187,40 @@ spec:
                       type: string
                     type: array
                   minResponseBodyBytes:
-                    description: 'MinResponseBodyBytes defines the minimum amount
-                      of bytes a response body must have to be compressed. Default:
-                      1024.'
+                    description: |-
+                      MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
+                      Default: 1024.
                     type: integer
                 type: object
               contentType:
-                description: ContentType holds the content-type middleware configuration.
-                  This middleware exists to enable the correct behavior until at least
-                  the default one can be changed in a future version.
+                description: |-
+                  ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
                 properties:
                   autoDetect:
-                    description: AutoDetect specifies whether to let the `Content-Type`
-                      header, if it has not been set by the backend, be automatically
-                      set to a value derived from the contents of the response. As
-                      a proxy, the default behavior should be to leave the header
-                      alone, regardless of what the backend did with it. However,
-                      the historic default was to always auto-detect and set the header
-                      if it was nil, and it is going to be kept that way in order
-                      to support users currently relying on it.
+                    description: |-
+                      AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
+                      be automatically set to a value derived from the contents of the response.
+                      As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
+                      However, the historic default was to always auto-detect and set the header if it was nil,
+                      and it is going to be kept that way in order to support users currently relying on it.
                     type: boolean
                 type: object
               digestAuth:
-                description: 'DigestAuth holds the digest auth middleware configuration.
+                description: |-
+                  DigestAuth holds the digest auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
                 properties:
                   headerField:
-                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    description: |-
+                      HeaderField defines a header field to store the authenticated user.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
                     type: string
                   realm:
-                    description: 'Realm allows the protected resources on a server
-                      to be partitioned into a set of protection spaces, each with
-                      its own authentication scheme. Default: traefik.'
+                    description: |-
+                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+                      Default: traefik.
                     type: string
                   removeHeader:
                     description: RemoveHeader defines whether to remove the authorization
@@ -220,18 +232,20 @@ spec:
                     type: string
                 type: object
               errors:
-                description: 'ErrorPage holds the custom error middleware configuration.
-                  This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                description: |-
+                  ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
                 properties:
                   query:
-                    description: Query defines the URL for the error page (hosted
-                      by service). The {status} variable can be used in order to insert
-                      the status code in the URL.
+                    description: |-
+                      Query defines the URL for the error page (hosted by service).
+                      The {status} variable can be used in order to insert the status code in the URL.
                     type: string
                   service:
-                    description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                    description: |-
+                      Service defines the reference to a Kubernetes Service that will serve the error page.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
                     properties:
                       kind:
                         description: Kind defines the kind of the Service.
@@ -240,31 +254,32 @@ spec:
                         - TraefikService
                         type: string
                       name:
-                        description: Name defines the name of the referenced Kubernetes
-                          Service or TraefikService. The differentiation between the
-                          two is specified in the Kind field.
+                        description: |-
+                          Name defines the name of the referenced Kubernetes Service or TraefikService.
+                          The differentiation between the two is specified in the Kind field.
                         type: string
                       namespace:
                         description: Namespace defines the namespace of the referenced
                           Kubernetes Service or TraefikService.
                         type: string
                       nativeLB:
-                        description: NativeLB controls, when creating the load-balancer,
-                          whether the LB's children are directly the pods IPs or if
-                          the only child is the Kubernetes Service clusterIP. The
-                          Kubernetes Service itself does load-balance to the pods.
+                        description: |-
+                          NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                          The Kubernetes Service itself does load-balance to the pods.
                           By default, NativeLB is false.
                         type: boolean
                       passHostHeader:
-                        description: PassHostHeader defines whether the client Host
-                          header is forwarded to the upstream Kubernetes Service.
+                        description: |-
+                          PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                           By default, passHostHeader is true.
                         type: boolean
                       port:
                         anyOf:
                         - type: integer
                         - type: string
-                        description: Port defines the port of a Kubernetes Service.
+                        description: |-
+                          Port defines the port of a Kubernetes Service.
                           This can be a reference to a named port.
                         x-kubernetes-int-or-string: true
                       responseForwarding:
@@ -273,29 +288,29 @@ spec:
                           client.
                         properties:
                           flushInterval:
-                            description: 'FlushInterval defines the interval, in milliseconds,
-                              in between flushes to the client while copying the response
-                              body. A negative value means to flush immediately after
-                              each write to the client. This configuration is ignored
-                              when ReverseProxy recognizes a response as a streaming
-                              response; for such responses, writes are flushed to
-                              the client immediately. Default: 100ms'
+                            description: |-
+                              FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                              A negative value means to flush immediately after each write to the client.
+                              This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                              for such responses, writes are flushed to the client immediately.
+                              Default: 100ms
                             type: string
                         type: object
                       scheme:
-                        description: Scheme defines the scheme to use for the request
-                          to the upstream Kubernetes Service. It defaults to https
-                          when Kubernetes Service port is 443, http otherwise.
+                        description: |-
+                          Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                          It defaults to https when Kubernetes Service port is 443, http otherwise.
                         type: string
                       serversTransport:
-                        description: ServersTransport defines the name of ServersTransport
-                          resource to use. It allows to configure the transport between
-                          Traefik and your servers. Can only be used on a Kubernetes
-                          Service.
+                        description: |-
+                          ServersTransport defines the name of ServersTransport resource to use.
+                          It allows to configure the transport between Traefik and your servers.
+                          Can only be used on a Kubernetes Service.
                         type: string
                       sticky:
-                        description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                        description: |-
+                          Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                         properties:
                           cookie:
                             description: Cookie defines the sticky cookie configuration.
@@ -308,8 +323,9 @@ spec:
                                 description: Name defines the Cookie name.
                                 type: string
                               sameSite:
-                                description: 'SameSite defines the same site policy.
-                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                description: |-
+                                  SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                 type: string
                               secure:
                                 description: Secure defines whether the cookie can
@@ -319,40 +335,42 @@ spec:
                             type: object
                         type: object
                       strategy:
-                        description: Strategy defines the load balancing strategy
-                          between the servers. RoundRobin is the only supported value
-                          at the moment.
+                        description: |-
+                          Strategy defines the load balancing strategy between the servers.
+                          RoundRobin is the only supported value at the moment.
                         type: string
                       weight:
-                        description: Weight defines the weight and should only be
-                          specified when Name references a TraefikService object (and
-                          to be precise, one that embeds a Weighted Round Robin).
+                        description: |-
+                          Weight defines the weight and should only be specified when Name references a TraefikService object
+                          (and to be precise, one that embeds a Weighted Round Robin).
                         type: integer
                     required:
                     - name
                     type: object
                   status:
-                    description: Status defines which status or range of statuses
-                      should result in an error page. It can be either a status code
-                      as a number (500), as multiple comma-separated numbers (500,502),
-                      as ranges by separating two codes with a dash (500-599), or
-                      a combination of the two (404,418,500-599).
+                    description: |-
+                      Status defines which status or range of statuses should result in an error page.
+                      It can be either a status code as a number (500),
+                      as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599),
+                      or a combination of the two (404,418,500-599).
                     items:
                       type: string
                     type: array
                 type: object
               forwardAuth:
-                description: 'ForwardAuth holds the forward auth middleware configuration.
+                description: |-
+                  ForwardAuth holds the forward auth middleware configuration.
                   This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
                 properties:
                   address:
                     description: Address defines the authentication server address.
                     type: string
                   authRequestHeaders:
-                    description: AuthRequestHeaders defines the list of the headers
-                      to copy from the request to the authentication server. If not
-                      set or empty then all request headers are passed.
+                    description: |-
+                      AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
+                      If not set or empty then all request headers are passed.
                     items:
                       type: string
                     type: array
@@ -364,10 +382,9 @@ spec:
                       type: string
                     type: array
                   authResponseHeadersRegex:
-                    description: 'AuthResponseHeadersRegex defines the regex to match
-                      headers to copy from the authentication server response and
-                      set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                    description: |-
+                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
                     type: string
                   tls:
                     description: TLS defines the configuration used to secure the
@@ -376,14 +393,14 @@ spec:
                       caOptional:
                         type: boolean
                       caSecret:
-                        description: CASecret is the name of the referenced Kubernetes
-                          Secret containing the CA to validate the server certificate.
+                        description: |-
+                          CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
                           The CA certificate is extracted from key `tls.ca` or `ca.crt`.
                         type: string
                       certSecret:
-                        description: CertSecret is the name of the referenced Kubernetes
-                          Secret containing the client certificate. The client certificate
-                          is extracted from the keys `tls.crt` and `tls.key`.
+                        description: |-
+                          CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
+                          The client certificate is extracted from the keys `tls.crt` and `tls.key`.
                         type: string
                       insecureSkipVerify:
                         description: InsecureSkipVerify defines whether the server
@@ -396,9 +413,10 @@ spec:
                     type: boolean
                 type: object
               headers:
-                description: 'Headers holds the headers middleware configuration.
-                  This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                description: |-
+                  Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
                 properties:
                   accessControlAllowCredentials:
                     description: AccessControlAllowCredentials defines whether the
@@ -463,12 +481,14 @@ spec:
                       header with the nosniff value.
                     type: boolean
                   customBrowserXSSValue:
-                    description: CustomBrowserXSSValue defines the X-XSS-Protection
-                      header value. This overrides the BrowserXssFilter option.
+                    description: |-
+                      CustomBrowserXSSValue defines the X-XSS-Protection header value.
+                      This overrides the BrowserXssFilter option.
                     type: string
                   customFrameOptionsValue:
-                    description: CustomFrameOptionsValue defines the X-Frame-Options
-                      header value. This overrides the FrameDeny option.
+                    description: |-
+                      CustomFrameOptionsValue defines the X-Frame-Options header value.
+                      This overrides the FrameDeny option.
                     type: string
                   customRequestHeaders:
                     additionalProperties:
@@ -500,25 +520,25 @@ spec:
                       type: string
                     type: array
                   isDevelopment:
-                    description: IsDevelopment defines whether to mitigate the unwanted
-                      effects of the AllowedHosts, SSL, and STS options when developing.
-                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
-                      not your production domain. If you would like your development
-                      environment to mimic production with complete Host blocking,
-                      SSL redirects, and STS headers, leave this as false.
+                    description: |-
+                      IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
+                      If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
+                      and STS headers, leave this as false.
                     type: boolean
                   permissionsPolicy:
-                    description: PermissionsPolicy defines the Permissions-Policy
-                      header value. This allows sites to control browser features.
+                    description: |-
+                      PermissionsPolicy defines the Permissions-Policy header value.
+                      This allows sites to control browser features.
                     type: string
                   publicKey:
                     description: PublicKey is the public key that implements HPKP
                       to prevent MITM attacks with forged certificates.
                     type: string
                   referrerPolicy:
-                    description: ReferrerPolicy defines the Referrer-Policy header
-                      value. This allows sites to control whether browsers forward
-                      the Referer header to other sites.
+                    description: |-
+                      ReferrerPolicy defines the Referrer-Policy header value.
+                      This allows sites to control whether browsers forward the Referer header to other sites.
                     type: string
                   sslForceHost:
                     description: 'Deprecated: use RedirectRegex instead.'
@@ -529,10 +549,9 @@ spec:
                   sslProxyHeaders:
                     additionalProperties:
                       type: string
-                    description: 'SSLProxyHeaders defines the header keys with associated
-                      values that would indicate a valid HTTPS request. It can be
-                      useful when using other proxies (example: "X-Forwarded-Proto":
-                      "https").'
+                    description: |-
+                      SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
+                      It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
                     type: object
                   sslRedirect:
                     description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@@ -551,33 +570,35 @@ spec:
                       to the Strict-Transport-Security header.
                     type: boolean
                   stsSeconds:
-                    description: STSSeconds defines the max-age of the Strict-Transport-Security
-                      header. If set to 0, the header is not set.
+                    description: |-
+                      STSSeconds defines the max-age of the Strict-Transport-Security header.
+                      If set to 0, the header is not set.
                     format: int64
                     type: integer
                 type: object
               inFlightReq:
-                description: 'InFlightReq holds the in-flight request middleware configuration.
-                  This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                description: |-
+                  InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and served concurrently.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
                 properties:
                   amount:
-                    description: Amount defines the maximum amount of allowed simultaneous
-                      in-flight request. The middleware responds with HTTP 429 Too
-                      Many Requests if there are already amount requests in progress
-                      (based on the same sourceCriterion strategy).
+                    description: |-
+                      Amount defines the maximum amount of allowed simultaneous in-flight request.
+                      The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
                     format: int64
                     type: integer
                   sourceCriterion:
-                    description: 'SourceCriterion defines what criterion is used to
-                      group requests as originating from a common source. If several
-                      strategies are defined at the same time, an error will be raised.
-                      If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                    description: |-
+                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
+                      If several strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
                     properties:
                       ipStrategy:
-                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        description: |-
+                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -602,14 +623,16 @@ spec:
                         type: boolean
                     type: object
                 type: object
-              ipWhiteList:
-                description: 'IPWhiteList holds the IP whitelist middleware configuration.
-                  This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+              ipAllowList:
+                description: |-
+                  IPAllowList holds the IP allowlist middleware configuration.
+                  This middleware limits allowed requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
                 properties:
                   ipStrategy:
-                    description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                    description: |-
+                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -630,10 +653,42 @@ spec:
                       type: string
                     type: array
                 type: object
+              ipWhiteList:
+                description: |-
+                  IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware limits allowed requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+                  Deprecated: please use IPAllowList instead.
+                properties:
+                  ipStrategy:
+                    description: |-
+                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation). Required.
+                    items:
+                      type: string
+                    type: array
+                type: object
               passTLSClientCert:
-                description: 'PassTLSClientCert holds the pass TLS client cert middleware
-                  configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                description: |-
+                  PassTLSClientCert holds the pass TLS client cert middleware configuration.
+                  This middleware adds the selected data from the passed client TLS certificate to a header.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
                 properties:
                   info:
                     description: Info selects the specific client certificate details
@@ -734,46 +789,48 @@ spec:
               plugin:
                 additionalProperties:
                   x-kubernetes-preserve-unknown-fields: true
-                description: 'Plugin defines the middleware plugin configuration.
-                  More info: https://doc.traefik.io/traefik/plugins/'
+                description: |-
+                  Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/
                 type: object
               rateLimit:
-                description: 'RateLimit holds the rate limit configuration. This middleware
-                  ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                description: |-
+                  RateLimit holds the rate limit configuration.
+                  This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
                 properties:
                   average:
-                    description: Average is the maximum rate, by default in requests/s,
-                      allowed for the given source. It defaults to 0, which means
-                      no rate limiting. The rate is actually defined by dividing Average
-                      by Period. So for a rate below 1req/s, one needs to define a
-                      Period larger than a second.
+                    description: |-
+                      Average is the maximum rate, by default in requests/s, allowed for the given source.
+                      It defaults to 0, which means no rate limiting.
+                      The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
+                      one needs to define a Period larger than a second.
                     format: int64
                     type: integer
                   burst:
-                    description: Burst is the maximum number of requests allowed to
-                      arrive in the same arbitrarily small period of time. It defaults
-                      to 1.
+                    description: |-
+                      Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
+                      It defaults to 1.
                     format: int64
                     type: integer
                   period:
                     anyOf:
                     - type: integer
                     - type: string
-                    description: 'Period, in combination with Average, defines the
-                      actual maximum rate, such as: r = Average / Period. It defaults
-                      to a second.'
+                    description: |-
+                      Period, in combination with Average, defines the actual maximum rate, such as:
+                      r = Average / Period. It defaults to a second.
                     x-kubernetes-int-or-string: true
                   sourceCriterion:
-                    description: SourceCriterion defines what criterion is used to
-                      group requests as originating from a common source. If several
-                      strategies are defined at the same time, an error will be raised.
-                      If none are set, the default is to use the request's remote
-                      address field (as an ipStrategy).
+                    description: |-
+                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
+                      If several strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote address field (as an ipStrategy).
                     properties:
                       ipStrategy:
-                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        description: |-
+                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -799,9 +856,10 @@ spec:
                     type: object
                 type: object
               redirectRegex:
-                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                description: |-
+                  RedirectRegex holds the redirect regex middleware configuration.
                   This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -817,9 +875,10 @@ spec:
                     type: string
                 type: object
               redirectScheme:
-                description: 'RedirectScheme holds the redirect scheme middleware
-                  configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                description: |-
+                  RedirectScheme holds the redirect scheme middleware configuration.
+                  This middleware redirects requests from a scheme/port to another.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -833,9 +892,10 @@ spec:
                     type: string
                 type: object
               replacePath:
-                description: 'ReplacePath holds the replace path middleware configuration.
-                  This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                description: |-
+                  ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
                 properties:
                   path:
                     description: Path defines the path to use as replacement in the
@@ -843,9 +903,10 @@ spec:
                     type: string
                 type: object
               replacePathRegex:
-                description: 'ReplacePathRegex holds the replace path regex middleware
-                  configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                description: |-
+                  ReplacePathRegex holds the replace path regex middleware configuration.
+                  This middleware replaces the path of a URL using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
                 properties:
                   regex:
                     description: Regex defines the regular expression used to match
@@ -857,11 +918,11 @@ spec:
                     type: string
                 type: object
               retry:
-                description: 'Retry holds the retry middleware configuration. This
-                  middleware reissues requests a given number of times to a backend
-                  server if that server does not reply. As soon as the server answers,
-                  the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                description: |-
+                  Retry holds the retry middleware configuration.
+                  This middleware reissues requests a given number of times to a backend server if that server does not reply.
+                  As soon as the server answers, the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
                 properties:
                   attempts:
                     description: Attempts defines how many times the request should
@@ -871,22 +932,24 @@ spec:
                     anyOf:
                     - type: integer
                     - type: string
-                    description: InitialInterval defines the first wait time in the
-                      exponential backoff series. The maximum interval is calculated
-                      as twice the initialInterval. If unspecified, requests will
-                      be retried immediately. The value of initialInterval should
-                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    description: |-
+                      InitialInterval defines the first wait time in the exponential backoff series.
+                      The maximum interval is calculated as twice the initialInterval.
+                      If unspecified, requests will be retried immediately.
+                      The value of initialInterval should be provided in seconds or as a valid duration format,
+                      see https://pkg.go.dev/time#ParseDuration.
                     x-kubernetes-int-or-string: true
                 type: object
               stripPrefix:
-                description: 'StripPrefix holds the strip prefix middleware configuration.
+                description: |-
+                  StripPrefix holds the strip prefix middleware configuration.
                   This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
                 properties:
                   forceSlash:
-                    description: 'ForceSlash ensures that the resulting stripped path
-                      is not the empty string, by replacing it with / when necessary.
-                      Default: true.'
+                    description: |-
+                      ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
+                      Default: true.
                     type: boolean
                   prefixes:
                     description: Prefixes defines the prefixes to strip from the request
@@ -896,9 +959,10 @@ spec:
                     type: array
                 type: object
               stripPrefixRegex:
-                description: 'StripPrefixRegex holds the strip prefix regex middleware
-                  configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                description: |-
+                  StripPrefixRegex holds the strip prefix regex middleware configuration.
+                  This middleware removes the matching prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
                 properties:
                   regex:
                     description: Regex defines the regular expression to match the

docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: middlewaretcps.traefik.io
 spec:
   group: traefik.io
@@ -17,18 +17,24 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+        description: |-
+          MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -39,14 +45,31 @@ spec:
                 description: InFlightConn defines the InFlightConn middleware configuration.
                 properties:
                   amount:
-                    description: Amount defines the maximum amount of allowed simultaneous
-                      connections. The middleware closes the connection if there are
-                      already amount connections opened.
+                    description: |-
+                      Amount defines the maximum amount of allowed simultaneous connections.
+                      The middleware closes the connection if there are already amount connections opened.
                     format: int64
                     type: integer
                 type: object
+              ipAllowList:
+                description: |-
+                  IPAllowList defines the IPAllowList middleware configuration.
+                  This middleware accepts/refuses connections based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
               ipWhiteList:
-                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                description: |-
+                  IPWhiteList defines the IPWhiteList middleware configuration.
+                  This middleware accepts/refuses connections based on the client IP.
+                  Deprecated: please use IPAllowList instead.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
                 properties:
                   sourceRange:
                     description: SourceRange defines the allowed IPs (or ranges of

docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: serverstransports.traefik.io
 spec:
   group: traefik.io
@@ -17,20 +17,26 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+        description: |-
+          ServersTransport is the CRD implementation of a ServersTransport.
           If no serversTransport is specified, the default@internal will be used.
           The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object

docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: tlsoptions.traefik.io
 spec:
   group: traefik.io
@@ -17,19 +17,24 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
-          allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+        description: |-
+          TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
+          More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -37,15 +42,16 @@ spec:
             description: TLSOptionSpec defines the desired state of a TLSOption.
             properties:
               alpnProtocols:
-                description: 'ALPNProtocols defines the list of supported application
-                  level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                description: |-
+                  ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
                 items:
                   type: string
                 type: array
               cipherSuites:
-                description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                description: |-
+                  CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
                 items:
                   type: string
                 type: array
@@ -71,26 +77,29 @@ spec:
                     type: array
                 type: object
               curvePreferences:
-                description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                description: |-
+                  CurvePreferences defines the preferred elliptic curves in a specific order.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
                 items:
                   type: string
                 type: array
               maxVersion:
-                description: 'MaxVersion defines the maximum TLS version that Traefik
-                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
-                  VersionTLS13. Default: None.'
+                description: |-
+                  MaxVersion defines the maximum TLS version that Traefik will accept.
+                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+                  Default: None.
                 type: string
               minVersion:
-                description: 'MinVersion defines the minimum TLS version that Traefik
-                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
-                  VersionTLS13. Default: VersionTLS10.'
+                description: |-
+                  MinVersion defines the minimum TLS version that Traefik will accept.
+                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+                  Default: VersionTLS10.
                 type: string
               preferServerCipherSuites:
-                description: 'PreferServerCipherSuites defines whether the server
-                  chooses a cipher suite among his own instead of among the client''s.
+                description: |-
+                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                   It is enabled automatically when minVersion or maxVersion is set.
-                  Deprecated: https://github.com/golang/go/issues/45430'
+                  Deprecated: https://github.com/golang/go/issues/45430
                 type: boolean
               sniStrict:
                 description: SniStrict defines whether Traefik allows connections

docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: tlsstores.traefik.io
 spec:
   group: traefik.io
@@ -17,20 +17,26 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
-          the time being, only the TLSStore named default is supported. This means
-          that you cannot have two stores that are named default in different Kubernetes
-          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+        description: |-
+          TLSStore is the CRD implementation of a Traefik TLS Store.
+          For the time being, only the TLSStore named default is supported.
+          This means that you cannot have two stores that are named default in different Kubernetes namespaces.
+          More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object

docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: traefikservices.traefik.io
 spec:
   group: traefik.io
@@ -17,19 +17,27 @@ spec:
   - name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: 'TraefikService is the CRD implementation of a Traefik Service.
-          TraefikService object allows to: - Apply weight to Services on load-balancing
-          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+        description: |-
+          TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to:
+          - Apply weight to Services on load-balancing
+          - Mirror traffic on services
+          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -46,10 +54,10 @@ spec:
                     - TraefikService
                     type: string
                   maxBodySize:
-                    description: MaxBodySize defines the maximum size allowed for
-                      the body of the request. If the body is larger, the request
-                      is not mirrored. Default value is -1, which means unlimited
-                      size.
+                    description: |-
+                      MaxBodySize defines the maximum size allowed for the body of the request.
+                      If the body is larger, the request is not mirrored.
+                      Default value is -1, which means unlimited size.
                     format: int64
                     type: integer
                   mirrors:
@@ -65,35 +73,37 @@ spec:
                           - TraefikService
                           type: string
                         name:
-                          description: Name defines the name of the referenced Kubernetes
-                            Service or TraefikService. The differentiation between
-                            the two is specified in the Kind field.
+                          description: |-
+                            Name defines the name of the referenced Kubernetes Service or TraefikService.
+                            The differentiation between the two is specified in the Kind field.
                           type: string
                         namespace:
                           description: Namespace defines the namespace of the referenced
                             Kubernetes Service or TraefikService.
                           type: string
                         nativeLB:
-                          description: NativeLB controls, when creating the load-balancer,
-                            whether the LB's children are directly the pods IPs or
-                            if the only child is the Kubernetes Service clusterIP.
-                            The Kubernetes Service itself does load-balance to the
-                            pods. By default, NativeLB is false.
+                          description: |-
+                            NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the pods.
+                            By default, NativeLB is false.
                           type: boolean
                         passHostHeader:
-                          description: PassHostHeader defines whether the client Host
-                            header is forwarded to the upstream Kubernetes Service.
+                          description: |-
+                            PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                             By default, passHostHeader is true.
                           type: boolean
                         percent:
-                          description: 'Percent defines the part of the traffic to
-                            mirror. Supported values: 0 to 100.'
+                          description: |-
+                            Percent defines the part of the traffic to mirror.
+                            Supported values: 0 to 100.
                           type: integer
                         port:
                           anyOf:
                           - type: integer
                           - type: string
-                          description: Port defines the port of a Kubernetes Service.
+                          description: |-
+                            Port defines the port of a Kubernetes Service.
                             This can be a reference to a named port.
                           x-kubernetes-int-or-string: true
                         responseForwarding:
@@ -102,30 +112,29 @@ spec:
                             client.
                           properties:
                             flushInterval:
-                              description: 'FlushInterval defines the interval, in
-                                milliseconds, in between flushes to the client while
-                                copying the response body. A negative value means
-                                to flush immediately after each write to the client.
-                                This configuration is ignored when ReverseProxy recognizes
-                                a response as a streaming response; for such responses,
-                                writes are flushed to the client immediately. Default:
-                                100ms'
+                              description: |-
+                                FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                A negative value means to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                for such responses, writes are flushed to the client immediately.
+                                Default: 100ms
                               type: string
                           type: object
                         scheme:
-                          description: Scheme defines the scheme to use for the request
-                            to the upstream Kubernetes Service. It defaults to https
-                            when Kubernetes Service port is 443, http otherwise.
+                          description: |-
+                            Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                            It defaults to https when Kubernetes Service port is 443, http otherwise.
                           type: string
                         serversTransport:
-                          description: ServersTransport defines the name of ServersTransport
-                            resource to use. It allows to configure the transport
-                            between Traefik and your servers. Can only be used on
-                            a Kubernetes Service.
+                          description: |-
+                            ServersTransport defines the name of ServersTransport resource to use.
+                            It allows to configure the transport between Traefik and your servers.
+                            Can only be used on a Kubernetes Service.
                           type: string
                         sticky:
-                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          description: |-
+                            Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -138,8 +147,9 @@ spec:
                                   description: Name defines the Cookie name.
                                   type: string
                                 sameSite:
-                                  description: 'SameSite defines the same site policy.
-                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  description: |-
+                                    SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                   type: string
                                 secure:
                                   description: Secure defines whether the cookie can
@@ -149,13 +159,13 @@ spec:
                               type: object
                           type: object
                         strategy:
-                          description: Strategy defines the load balancing strategy
-                            between the servers. RoundRobin is the only supported
-                            value at the moment.
+                          description: |-
+                            Strategy defines the load balancing strategy between the servers.
+                            RoundRobin is the only supported value at the moment.
                           type: string
                         weight:
-                          description: Weight defines the weight and should only be
-                            specified when Name references a TraefikService object
+                          description: |-
+                            Weight defines the weight and should only be specified when Name references a TraefikService object
                             (and to be precise, one that embeds a Weighted Round Robin).
                           type: integer
                       required:
@@ -163,60 +173,62 @@ spec:
                       type: object
                     type: array
                   name:
-                    description: Name defines the name of the referenced Kubernetes
-                      Service or TraefikService. The differentiation between the two
-                      is specified in the Kind field.
+                    description: |-
+                      Name defines the name of the referenced Kubernetes Service or TraefikService.
+                      The differentiation between the two is specified in the Kind field.
                     type: string
                   namespace:
                     description: Namespace defines the namespace of the referenced
                       Kubernetes Service or TraefikService.
                     type: string
                   nativeLB:
-                    description: NativeLB controls, when creating the load-balancer,
-                      whether the LB's children are directly the pods IPs or if the
-                      only child is the Kubernetes Service clusterIP. The Kubernetes
-                      Service itself does load-balance to the pods. By default, NativeLB
-                      is false.
+                    description: |-
+                      NativeLB controls, when creating the load-balancer,
+                      whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                      The Kubernetes Service itself does load-balance to the pods.
+                      By default, NativeLB is false.
                     type: boolean
                   passHostHeader:
-                    description: PassHostHeader defines whether the client Host header
-                      is forwarded to the upstream Kubernetes Service. By default,
-                      passHostHeader is true.
+                    description: |-
+                      PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+                      By default, passHostHeader is true.
                     type: boolean
                   port:
                     anyOf:
                     - type: integer
                     - type: string
-                    description: Port defines the port of a Kubernetes Service. This
-                      can be a reference to a named port.
+                    description: |-
+                      Port defines the port of a Kubernetes Service.
+                      This can be a reference to a named port.
                     x-kubernetes-int-or-string: true
                   responseForwarding:
                     description: ResponseForwarding defines how Traefik forwards the
                       response from the upstream Kubernetes Service to the client.
                     properties:
                       flushInterval:
-                        description: 'FlushInterval defines the interval, in milliseconds,
-                          in between flushes to the client while copying the response
-                          body. A negative value means to flush immediately after
-                          each write to the client. This configuration is ignored
-                          when ReverseProxy recognizes a response as a streaming response;
+                        description: |-
+                          FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                          A negative value means to flush immediately after each write to the client.
+                          This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
                           for such responses, writes are flushed to the client immediately.
-                          Default: 100ms'
+                          Default: 100ms
                         type: string
                     type: object
                   scheme:
-                    description: Scheme defines the scheme to use for the request
-                      to the upstream Kubernetes Service. It defaults to https when
-                      Kubernetes Service port is 443, http otherwise.
+                    description: |-
+                      Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                      It defaults to https when Kubernetes Service port is 443, http otherwise.
                     type: string
                   serversTransport:
-                    description: ServersTransport defines the name of ServersTransport
-                      resource to use. It allows to configure the transport between
-                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    description: |-
+                      ServersTransport defines the name of ServersTransport resource to use.
+                      It allows to configure the transport between Traefik and your servers.
+                      Can only be used on a Kubernetes Service.
                     type: string
                   sticky:
-                    description: 'Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                    description: |-
+                      Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.
@@ -229,8 +241,9 @@ spec:
                             description: Name defines the Cookie name.
                             type: string
                           sameSite:
-                            description: 'SameSite defines the same site policy. More
-                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            description: |-
+                              SameSite defines the same site policy.
+                              More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                             type: string
                           secure:
                             description: Secure defines whether the cookie can only
@@ -239,13 +252,14 @@ spec:
                         type: object
                     type: object
                   strategy:
-                    description: Strategy defines the load balancing strategy between
-                      the servers. RoundRobin is the only supported value at the moment.
+                    description: |-
+                      Strategy defines the load balancing strategy between the servers.
+                      RoundRobin is the only supported value at the moment.
                     type: string
                   weight:
-                    description: Weight defines the weight and should only be specified
-                      when Name references a TraefikService object (and to be precise,
-                      one that embeds a Weighted Round Robin).
+                    description: |-
+                      Weight defines the weight and should only be specified when Name references a TraefikService object
+                      (and to be precise, one that embeds a Weighted Round Robin).
                     type: integer
                 required:
                 - name
@@ -267,31 +281,32 @@ spec:
                           - TraefikService
                           type: string
                         name:
-                          description: Name defines the name of the referenced Kubernetes
-                            Service or TraefikService. The differentiation between
-                            the two is specified in the Kind field.
+                          description: |-
+                            Name defines the name of the referenced Kubernetes Service or TraefikService.
+                            The differentiation between the two is specified in the Kind field.
                           type: string
                         namespace:
                           description: Namespace defines the namespace of the referenced
                             Kubernetes Service or TraefikService.
                           type: string
                         nativeLB:
-                          description: NativeLB controls, when creating the load-balancer,
-                            whether the LB's children are directly the pods IPs or
-                            if the only child is the Kubernetes Service clusterIP.
-                            The Kubernetes Service itself does load-balance to the
-                            pods. By default, NativeLB is false.
+                          description: |-
+                            NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the pods.
+                            By default, NativeLB is false.
                           type: boolean
                         passHostHeader:
-                          description: PassHostHeader defines whether the client Host
-                            header is forwarded to the upstream Kubernetes Service.
+                          description: |-
+                            PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                             By default, passHostHeader is true.
                           type: boolean
                         port:
                           anyOf:
                           - type: integer
                           - type: string
-                          description: Port defines the port of a Kubernetes Service.
+                          description: |-
+                            Port defines the port of a Kubernetes Service.
                             This can be a reference to a named port.
                           x-kubernetes-int-or-string: true
                         responseForwarding:
@@ -300,30 +315,29 @@ spec:
                             client.
                           properties:
                             flushInterval:
-                              description: 'FlushInterval defines the interval, in
-                                milliseconds, in between flushes to the client while
-                                copying the response body. A negative value means
-                                to flush immediately after each write to the client.
-                                This configuration is ignored when ReverseProxy recognizes
-                                a response as a streaming response; for such responses,
-                                writes are flushed to the client immediately. Default:
-                                100ms'
+                              description: |-
+                                FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                A negative value means to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                for such responses, writes are flushed to the client immediately.
+                                Default: 100ms
                               type: string
                           type: object
                         scheme:
-                          description: Scheme defines the scheme to use for the request
-                            to the upstream Kubernetes Service. It defaults to https
-                            when Kubernetes Service port is 443, http otherwise.
+                          description: |-
+                            Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                            It defaults to https when Kubernetes Service port is 443, http otherwise.
                           type: string
                         serversTransport:
-                          description: ServersTransport defines the name of ServersTransport
-                            resource to use. It allows to configure the transport
-                            between Traefik and your servers. Can only be used on
-                            a Kubernetes Service.
+                          description: |-
+                            ServersTransport defines the name of ServersTransport resource to use.
+                            It allows to configure the transport between Traefik and your servers.
+                            Can only be used on a Kubernetes Service.
                           type: string
                         sticky:
-                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          description: |-
+                            Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -336,8 +350,9 @@ spec:
                                   description: Name defines the Cookie name.
                                   type: string
                                 sameSite:
-                                  description: 'SameSite defines the same site policy.
-                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  description: |-
+                                    SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                   type: string
                                 secure:
                                   description: Secure defines whether the cookie can
@@ -347,13 +362,13 @@ spec:
                               type: object
                           type: object
                         strategy:
-                          description: Strategy defines the load balancing strategy
-                            between the servers. RoundRobin is the only supported
-                            value at the moment.
+                          description: |-
+                            Strategy defines the load balancing strategy between the servers.
+                            RoundRobin is the only supported value at the moment.
                           type: string
                         weight:
-                          description: Weight defines the weight and should only be
-                            specified when Name references a TraefikService object
+                          description: |-
+                            Weight defines the weight and should only be specified when Name references a TraefikService object
                             (and to be precise, one that embeds a Weighted Round Robin).
                           type: integer
                       required:
@@ -361,8 +376,9 @@ spec:
                       type: object
                     type: array
                   sticky:
-                    description: 'Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    description: |-
+                      Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.
@@ -375,8 +391,9 @@ spec:
                             description: Name defines the Cookie name.
                             type: string
                           sameSite:
-                            description: 'SameSite defines the same site policy. More
-                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            description: |-
+                              SameSite defines the same site policy.
+                              More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                             type: string
                           secure:
                             description: Secure defines whether the cookie can only

docs/content/reference/static-configuration/cli-ref.md

@@ -127,7 +127,7 @@ Default middlewares for the routers linked to the entry point.
 Applies a permanent redirection. (Default: ```true```)
 
 `--entrypoints.<name>.http.redirections.entrypoint.priority`:  
-Priority of the generated router. (Default: ```2147483646```)
+Priority of the generated router. (Default: ```9223372036854775806```)
 
 `--entrypoints.<name>.http.redirections.entrypoint.scheme`:  
 Scheme used for the redirection. (Default: ```https```)
@@ -171,6 +171,12 @@ Trust all. (Default: ```false```)
 `--entrypoints.<name>.proxyprotocol.trustedips`:  
 Trust only selected IPs.
 
+`--entrypoints.<name>.transport.keepalivemaxrequests`:  
+Maximum number of requests before closing a keep-alive connection. (Default: ```0```)
+
+`--entrypoints.<name>.transport.keepalivemaxtime`:  
+Maximum duration before closing a keep-alive connection. (Default: ```0```)
+
 `--entrypoints.<name>.transport.lifecycle.gracetimeout`:  
 Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```)
 
@@ -181,7 +187,7 @@ Duration to keep accepting requests before Traefik initiates the graceful shutdo
 IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
 
 `--entrypoints.<name>.transport.respondingtimeouts.readtimeout`:  
-ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
+ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```60```)
 
 `--entrypoints.<name>.transport.respondingtimeouts.writetimeout`:  
 WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
@@ -211,7 +217,7 @@ plugin's version.
 Periodically check if a new version has been released. (Default: ```true```)
 
 `--global.sendanonymoususage`:  
-Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```)
+Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. (Default: ```false```)
 
 `--hostresolver`:  
 Enable CNAME Flattening. (Default: ```false```)
@@ -906,6 +912,27 @@ Password for authentication.
 `--providers.redis.rootkey`:  
 Root key used for KV store. (Default: ```traefik```)
 
+`--providers.redis.sentinel.latencystrategy`:  
+Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). (Default: ```false```)
+
+`--providers.redis.sentinel.mastername`:  
+Name of the master.
+
+`--providers.redis.sentinel.password`:  
+Password for Sentinel authentication.
+
+`--providers.redis.sentinel.randomstrategy`:  
+Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). (Default: ```false```)
+
+`--providers.redis.sentinel.replicastrategy`:  
+Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). (Default: ```false```)
+
+`--providers.redis.sentinel.usedisconnectedreplicas`:  
+Use replicas disconnected with master when cannot get connected replicas. (Default: ```false```)
+
+`--providers.redis.sentinel.username`:  
+Username for Sentinel authentication.
+
 `--providers.redis.tls.ca`:  
 TLS CA
 

docs/content/reference/static-configuration/env-ref.md

@@ -136,7 +136,7 @@ Default middlewares for the routers linked to the entry point.
 Applies a permanent redirection. (Default: ```true```)
 
 `TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_PRIORITY`:  
-Priority of the generated router. (Default: ```2147483646```)
+Priority of the generated router. (Default: ```9223372036854775806```)
 
 `TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME`:  
 Scheme used for the redirection. (Default: ```https```)
@@ -171,6 +171,12 @@ Trust all. (Default: ```false```)
 `TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_TRUSTEDIPS`:  
 Trust only selected IPs.
 
+`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_KEEPALIVEMAXREQUESTS`:  
+Maximum number of requests before closing a keep-alive connection. (Default: ```0```)
+
+`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_KEEPALIVEMAXTIME`:  
+Maximum duration before closing a keep-alive connection. (Default: ```0```)
+
 `TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_GRACETIMEOUT`:  
 Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```)
 
@@ -181,7 +187,7 @@ Duration to keep accepting requests before Traefik initiates the graceful shutdo
 IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
 
 `TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT`:  
-ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
+ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```60```)
 
 `TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT`:  
 WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
@@ -211,7 +217,7 @@ plugin's version.
 Periodically check if a new version has been released. (Default: ```true```)
 
 `TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`:  
-Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```)
+Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. (Default: ```false```)
 
 `TRAEFIK_HOSTRESOLVER`:  
 Enable CNAME Flattening. (Default: ```false```)
@@ -906,6 +912,27 @@ Password for authentication.
 `TRAEFIK_PROVIDERS_REDIS_ROOTKEY`:  
 Root key used for KV store. (Default: ```traefik```)
 
+`TRAEFIK_PROVIDERS_REDIS_SENTINEL_LATENCYSTRATEGY`:  
+Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_REDIS_SENTINEL_MASTERNAME`:  
+Name of the master.
+
+`TRAEFIK_PROVIDERS_REDIS_SENTINEL_PASSWORD`:  
+Password for Sentinel authentication.
+
+`TRAEFIK_PROVIDERS_REDIS_SENTINEL_RANDOMSTRATEGY`:  
+Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_REDIS_SENTINEL_REPLICASTRATEGY`:  
+Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_REDIS_SENTINEL_USEDISCONNECTEDREPLICAS`:  
+Use replicas disconnected with master when cannot get connected replicas. (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_REDIS_SENTINEL_USERNAME`:  
+Username for Sentinel authentication.
+
 `TRAEFIK_PROVIDERS_REDIS_TLS_CA`:  
 TLS CA
 

docs/content/reference/static-configuration/file.toml

@@ -1,3 +1,5 @@
+## CODE GENERATED AUTOMATICALLY
+## THIS FILE MUST NOT BE EDITED BY HAND
 [global]
   checkNewVersion = true
   sendAnonymousUsage = true
@@ -15,6 +17,8 @@
   [entryPoints.EntryPoint0]
     address = "foobar"
     [entryPoints.EntryPoint0.transport]
+      keepAliveMaxTime = "42s"
+      keepAliveMaxRequests = 42
       [entryPoints.EntryPoint0.transport.lifeCycle]
         requestAcceptGraceTimeout = "42s"
         graceTimeOut = "42s"
@@ -181,10 +185,10 @@
     constraints = "foobar"
     prefix = "foobar"
     stale = true
-    namespace = "foobar"
-    namespaces = ["foobar", "foobar"]
     exposedByDefault = true
     refreshInterval = "42s"
+    namespace = "foobar"
+    namespaces = ["foobar", "foobar"]
     [providers.nomad.endpoint]
       address = "foobar"
       region = "foobar"
@@ -203,10 +207,10 @@
     defaultRule = "foobar"
     clusters = ["foobar", "foobar"]
     autoDiscoverClusters = true
+    ecsAnywhere = true
     region = "foobar"
     accessKeyID = "foobar"
     secretAccessKey = "foobar"
-    ecsAnywhere = true
   [providers.consul]
     rootKey = "foobar"
     endpoints = ["foobar", "foobar"]
@@ -247,6 +251,14 @@
       cert = "foobar"
       key = "foobar"
       insecureSkipVerify = true
+    [providers.redis.sentinel]
+      masterName = "foobar"
+      username = "foobar"
+      password = "foobar"
+      latencyStrategy = true
+      randomStrategy = true
+      replicaStrategy = true
+      useDisconnectedReplicas = true
   [providers.http]
     endpoint = "foobar"
     pollInterval = "42s"
@@ -258,14 +270,18 @@
       key = "foobar"
       insecureSkipVerify = true
   [providers.plugin]
-    [providers.plugin.Descriptor0]
-    [providers.plugin.Descriptor1]
+    [providers.plugin.PluginConf0]
+      name0 = "foobar"
+      name1 = "foobar"
+    [providers.plugin.PluginConf1]
+      name0 = "foobar"
+      name1 = "foobar"
 
 [api]
   insecure = true
   dashboard = true
   debug = true
-  disabledashboardad = false
+  disableDashboardAd = true
 
 [metrics]
   [metrics.prometheus]
@@ -276,8 +292,8 @@
     entryPoint = "foobar"
     manualRouting = true
     [metrics.prometheus.headerLabels]
-      label1 = "foobar"
-      label2 = "foobar"
+      name0 = "foobar"
+      name1 = "foobar"
   [metrics.datadog]
     address = "foobar"
     pushInterval = "42s"
@@ -373,15 +389,15 @@
     localAgentHostPort = "foobar"
     localAgentSocket = "foobar"
     globalTag = "foobar"
-    [tracing.datadog.globalTags]
-      tag1 = "foobar"
-      tag2 = "foobar"
     debug = true
     prioritySampling = true
     traceIDHeaderName = "foobar"
     parentIDHeaderName = "foobar"
     samplingPriorityHeaderName = "foobar"
     bagagePrefixHeaderName = "foobar"
+    [tracing.datadog.globalTags]
+      name0 = "foobar"
+      name1 = "foobar"
   [tracing.instana]
     localAgentHost = "foobar"
     localAgentPort = 42
@@ -445,6 +461,10 @@
         entryPoint = "foobar"
       [certificatesResolvers.CertificateResolver1.acme.tlsChallenge]
 
+[pilot]
+  token = "foobar"
+  dashboard = true
+
 [experimental]
   kubernetesGateway = true
   http3 = true
@@ -456,7 +476,7 @@
       moduleName = "foobar"
       version = "foobar"
   [experimental.localPlugins]
-    [experimental.localPlugins.Descriptor0]
+    [experimental.localPlugins.LocalDescriptor0]
       moduleName = "foobar"
-    [experimental.localPlugins.Descriptor1]
+    [experimental.localPlugins.LocalDescriptor1]
       moduleName = "foobar"

docs/content/reference/static-configuration/file.yaml

@@ -1,3 +1,5 @@
+## CODE GENERATED AUTOMATICALLY
+## THIS FILE MUST NOT BE EDITED BY HAND
 global:
   checkNewVersion: true
   sendAnonymousUsage: true
@@ -22,6 +24,8 @@ entryPoints:
         readTimeout: 42s
         writeTimeout: 42s
         idleTimeout: 42s
+      keepAliveMaxTime: 42s
+      keepAliveMaxRequests: 42
     proxyProtocol:
       insecure: true
       trustedIPs:
@@ -33,7 +37,6 @@ entryPoints:
         - foobar
         - foobar
     http:
-      encodeQuerySemicolons: true
       redirections:
         entryPoint:
           to: foobar
@@ -55,6 +58,7 @@ entryPoints:
             sans:
               - foobar
               - foobar
+      encodeQuerySemicolons: true
     http2:
       maxConcurrentStreams: 42
     http3:
@@ -118,13 +122,13 @@ providers:
       - foobar
     labelSelector: foobar
     ingressClass: foobar
-    throttleDuration: 42s
-    allowEmptyServices: true
-    allowExternalNameServices: true
     ingressEndpoint:
       ip: foobar
       hostname: foobar
       publishedService: foobar
+    throttleDuration: 42s
+    allowEmptyServices: true
+    allowExternalNameServices: true
   kubernetesCRD:
     endpoint: foobar
     token: foobar
@@ -160,6 +164,21 @@ providers:
     prefix: foobar
   consulCatalog:
     constraints: foobar
+    endpoint:
+      address: foobar
+      scheme: foobar
+      datacenter: foobar
+      token: foobar
+      tls:
+        ca: foobar
+        caOptional: true
+        cert: foobar
+        key: foobar
+        insecureSkipVerify: true
+      httpAuth:
+        username: foobar
+        password: foobar
+      endpointWaitTime: 42s
     prefix: foobar
     refreshInterval: 42s
     requireConsistent: true
@@ -175,43 +194,28 @@ providers:
     namespaces:
       - foobar
       - foobar
-    endpoint:
-      address: foobar
-      scheme: foobar
-      datacenter: foobar
-      token: foobar
-      endpointWaitTime: 42s
-      tls:
-        ca: foobar
-        caOptional: true
-        cert: foobar
-        key: foobar
-        insecureSkipVerify: true
-      httpAuth:
-        username: foobar
-        password: foobar
   nomad:
     defaultRule: foobar
     constraints: foobar
-    prefix: foobar
-    stale: true
-    namespace: foobar
-    namespaces:
-      - foobar
-      - foobar
-    exposedByDefault: true
-    refreshInterval: 42s
     endpoint:
       address: foobar
       region: foobar
       token: foobar
-      endpointWaitTime: 42s
       tls:
         ca: foobar
         caOptional: true
         cert: foobar
         key: foobar
         insecureSkipVerify: true
+      endpointWaitTime: 42s
+    prefix: foobar
+    stale: true
+    exposedByDefault: true
+    refreshInterval: 42s
+    namespace: foobar
+    namespaces:
+      - foobar
+      - foobar
   ecs:
     constraints: foobar
     exposedByDefault: true
@@ -221,39 +225,39 @@ providers:
       - foobar
       - foobar
     autoDiscoverClusters: true
+    ecsAnywhere: true
     region: foobar
     accessKeyID: foobar
     secretAccessKey: foobar
-    ecsAnywhere: true
   consul:
     rootKey: foobar
     endpoints:
       - foobar
       - foobar
     token: foobar
-    namespace: foobar
-    namespaces:
-      - foobar
-      - foobar
     tls:
       ca: foobar
       caOptional: true
       cert: foobar
       key: foobar
       insecureSkipVerify: true
+    namespace: foobar
+    namespaces:
+      - foobar
+      - foobar
   etcd:
     rootKey: foobar
     endpoints:
       - foobar
       - foobar
-    username: foobar
-    password: foobar
     tls:
       ca: foobar
       caOptional: true
       cert: foobar
       key: foobar
       insecureSkipVerify: true
+    username: foobar
+    password: foobar
   zooKeeper:
     rootKey: foobar
     endpoints:
@@ -266,15 +270,23 @@ providers:
     endpoints:
       - foobar
       - foobar
-    username: foobar
-    password: foobar
-    db: 42
     tls:
       ca: foobar
       caOptional: true
       cert: foobar
       key: foobar
       insecureSkipVerify: true
+    username: foobar
+    password: foobar
+    db: 42
+    sentinel:
+      masterName: foobar
+      username: foobar
+      password: foobar
+      latencyStrategy: true
+      randomStrategy: true
+      replicaStrategy: true
+      useDisconnectedReplicas: true
   http:
     endpoint: foobar
     pollInterval: 42s
@@ -286,13 +298,17 @@ providers:
       key: foobar
       insecureSkipVerify: true
   plugin:
-    Descriptor0: {}
-    Descriptor1: {}
+    PluginConf0:
+      name0: foobar
+      name1: foobar
+    PluginConf1:
+      name0: foobar
+      name1: foobar
 api:
   insecure: true
   dashboard: true
   debug: true
-  disabledashboardad: false
+  disableDashboardAd: true
 metrics:
   prometheus:
     buckets:
@@ -304,8 +320,8 @@ metrics:
     entryPoint: foobar
     manualRouting: true
     headerLabels:
-      label1: foobar
-      label2: foobar
+      name0: foobar
+      name1: foobar
   datadog:
     address: foobar
     pushInterval: 42s
@@ -385,11 +401,11 @@ tracing:
     gen128Bit: true
     propagation: foobar
     traceContextHeaderName: foobar
-    disableAttemptReconnecting: true
     collector:
       endpoint: foobar
       user: foobar
       password: foobar
+    disableAttemptReconnecting: true
   zipkin:
     httpEndpoint: foobar
     sameSpan: true
@@ -400,8 +416,8 @@ tracing:
     localAgentSocket: foobar
     globalTag: foobar
     globalTags:
-      tag1: foobar
-      tag2: foobar
+      name0: foobar
+      name1: foobar
     debug: true
     prioritySampling: true
     traceIDHeaderName: foobar
@@ -434,13 +450,13 @@ certificatesResolvers:
     acme:
       email: foobar
       caServer: foobar
-      certificatesDuration: 42
       preferredChain: foobar
       storage: foobar
       keyType: foobar
       eab:
         kid: foobar
         hmacEncoded: foobar
+      certificatesDuration: 42
       dnsChallenge:
         provider: foobar
         delayBeforeCheck: 42s
@@ -455,13 +471,13 @@ certificatesResolvers:
     acme:
       email: foobar
       caServer: foobar
-      certificatesDuration: 42
       preferredChain: foobar
       storage: foobar
       keyType: foobar
       eab:
         kid: foobar
         hmacEncoded: foobar
+      certificatesDuration: 42
       dnsChallenge:
         provider: foobar
         delayBeforeCheck: 42s
@@ -472,10 +488,10 @@ certificatesResolvers:
       httpChallenge:
         entryPoint: foobar
       tlsChallenge: {}
-
+pilot:
+  token: foobar
+  dashboard: true
 experimental:
-  kubernetesGateway: true
-  http3: true
   plugins:
     Descriptor0:
       moduleName: foobar
@@ -484,7 +500,9 @@ experimental:
       moduleName: foobar
       version: foobar
   localPlugins:
-    Descriptor0:
+    LocalDescriptor0:
       moduleName: foobar
-    Descriptor1:
+    LocalDescriptor1:
       moduleName: foobar
+  kubernetesGateway: true
+  http3: true

docs/content/routing/entrypoints.md

@@ -227,8 +227,8 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
     ```
 
     ```bash tab="CLI"
-    --entrypoints.specificIPv4.address=192.168.2.7:8888
-    --entrypoints.specificIPv6.address=[2001:db8::1]:8888
+    --entryPoints.specificIPv4.address=192.168.2.7:8888
+    --entryPoints.specificIPv6.address=[2001:db8::1]:8888
     ```
 
     Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
@@ -295,7 +295,7 @@ In most scenarios, this entryPoint is the same as the one used for TLS traffic.
     
     ```bash tab="CLI"
     --experimental.http3=true 
-    --entrypoints.name.http3
+    --entryPoints.name.http3
     ```
 
 #### `advertisedPort`
@@ -326,7 +326,7 @@ It can be used to override the authority in the `alt-svc` header, for example if
     
     ```bash tab="CLI"
     --experimental.http3=true 
-    --entrypoints.name.http3.advertisedport=443
+    --entryPoints.name.http3.advertisedport=443
     ```
 
 ### Forwarded Headers
@@ -402,13 +402,14 @@ Setting them has no effect for UDP entryPoints.
 
 ??? info "`transport.respondingTimeouts.readTimeout`"
 
-    _Optional, Default=0s_
+    _Optional, Default=60s_
 
     `readTimeout` is the maximum duration for reading the entire request, including the body.
 
     If zero, no timeout exists.  
     Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
     If no units are provided, the value is parsed assuming seconds.
+    We strongly suggest to adapt this value accordingly to the your needs.
 
     ```yaml tab="File (YAML)"
     ## Static configuration
@@ -589,17 +590,77 @@ Controls the behavior of Traefik during the shutdown phase.
     --entryPoints.name.transport.lifeCycle.graceTimeOut=42
     ```
 
+#### `keepAliveMaxRequests`
+
+_Optional, Default=0_
+
+The maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit.
+
+```yaml tab="File (YAML)"
+## Static configuration
+entryPoints:
+  name:
+    address: ":8888"
+    transport:
+      keepAliveMaxRequests: 42
+```
+
+```toml tab="File (TOML)"
+## Static configuration
+[entryPoints]
+  [entryPoints.name]
+    address = ":8888"
+    [entryPoints.name.transport]
+      keepAliveMaxRequests = 42
+```
+
+```bash tab="CLI"
+## Static configuration
+--entryPoints.name.address=:8888
+--entryPoints.name.transport.keepAliveMaxRequests=42
+```
+
+#### `keepAliveMaxTime`
+
+_Optional, Default=0s_
+
+The maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit.
+
+```yaml tab="File (YAML)"
+## Static configuration
+entryPoints:
+  name:
+    address: ":8888"
+    transport:
+      keepAliveMaxTime: 42s
+```
+
+```toml tab="File (TOML)"
+## Static configuration
+[entryPoints]
+  [entryPoints.name]
+    address = ":8888"
+    [entryPoints.name.transport]
+      keepAliveMaxTime = "42s"
+```
+
+```bash tab="CLI"
+## Static configuration
+--entryPoints.name.address=:8888
+--entryPoints.name.transport.keepAliveMaxTime=42s
+```
+
 ### ProxyProtocol
 
-Traefik supports [ProxyProtocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2.
+Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2.
 
-If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers.
 
-If the Proxy Protocol header is passed, then the version is determined automatically.
+If the PROXY protocol header is passed, then the version is determined automatically.
 
 ??? info "`proxyProtocol.trustedIPs`"
 
-    Enabling Proxy Protocol with Trusted IPs.
+    Enabling PROXY protocol with Trusted IPs.
 
     ```yaml tab="File (YAML)"
     ## Static configuration
@@ -662,7 +723,7 @@ If the Proxy Protocol header is passed, then the version is determined automatic
 
 !!! warning "Queuing Traefik behind Another Load Balancer"
 
-    When queuing Traefik behind another load-balancer, make sure to configure Proxy Protocol on both sides.
+    When queuing Traefik behind another load-balancer, make sure to configure PROXY protocol on both sides.
     Not doing so could introduce a security risk in your system (enabling request forgery).
 
 ## HTTP Options
@@ -702,10 +763,10 @@ This whole section is dedicated to options, keyed by entry point, that will appl
     ```
 
     ```bash tab="CLI"
-    --entrypoints.web.address=:80
-    --entrypoints.web.http.redirections.entryPoint.to=websecure
-    --entrypoints.web.http.redirections.entryPoint.scheme=https
-    --entrypoints.websecure.address=:443
+    --entryPoints.web.address=:80
+    --entryPoints.web.http.redirections.entryPoint.to=websecure
+    --entryPoints.web.http.redirections.entryPoint.scheme=https
+    --entryPoints.websecure.address=:443
     ```
 
 #### `entryPoint`
@@ -740,7 +801,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
     ```
 
     ```bash tab="CLI"
-    --entrypoints.foo.http.redirections.entryPoint.to=websecure
+    --entryPoints.foo.http.redirections.entryPoint.to=websecure
     ```
 
 ??? info "`entryPoint.scheme`"
@@ -770,7 +831,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
     ```
 
     ```bash tab="CLI"
-    --entrypoints.foo.http.redirections.entryPoint.scheme=https
+    --entryPoints.foo.http.redirections.entryPoint.scheme=https
     ```
 
 ??? info "`entryPoint.permanent`"
@@ -800,12 +861,12 @@ This section is a convenience to enable (permanent) redirecting of all incoming
     ```
 
     ```bash tab="CLI"
-    --entrypoints.foo.http.redirections.entrypoint.permanent=true
+    --entryPoints.foo.http.redirections.entrypoint.permanent=true
     ```
 
 ??? info "`entryPoint.priority`"
 
-    _Optional, Default=MaxInt32-1 (2147483646)_
+    _Optional, Default=MaxInt-1_
 
     Priority of the generated router.
 
@@ -830,7 +891,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
     ```
 
     ```bash tab="CLI"
-    --entrypoints.foo.http.redirections.entrypoint.priority=10
+    --entryPoints.foo.http.redirections.entrypoint.priority=10
     ```
 
 ### EncodeQuerySemicolons
@@ -858,8 +919,8 @@ entryPoints:
 ```
 
 ```bash tab="CLI"
---entrypoints.websecure.address=:443
---entrypoints.websecure.http.encodequerysemicolons=true
+--entryPoints.websecure.address=:443
+--entryPoints.websecure.http.encodequerysemicolons=true
 ```
 
 #### Examples
@@ -894,8 +955,8 @@ entryPoints:
 ```
 
 ```bash tab="CLI"
---entrypoints.websecure.address=:443
---entrypoints.websecure.http.middlewares=auth@file,strip@file
+--entryPoints.websecure.address=:443
+--entryPoints.websecure.http.middlewares=auth@file,strip@file
 ```
 
 ### TLS
@@ -941,13 +1002,13 @@ entryPoints:
 ```
 
 ```bash tab="CLI"
---entrypoints.websecure.address=:443
---entrypoints.websecure.http.tls.options=foobar
---entrypoints.websecure.http.tls.certResolver=leresolver
---entrypoints.websecure.http.tls.domains[0].main=example.com
---entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
---entrypoints.websecure.http.tls.domains[1].main=test.com
---entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
+--entryPoints.websecure.address=:443
+--entryPoints.websecure.http.tls.options=foobar
+--entryPoints.websecure.http.tls.certResolver=leresolver
+--entryPoints.websecure.http.tls.domains[0].main=example.com
+--entryPoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
+--entryPoints.websecure.http.tls.domains[1].main=test.com
+--entryPoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
 ```
 
 ??? example "Let's Encrypt"
@@ -970,8 +1031,8 @@ entryPoints:
     ```
 
     ```bash tab="CLI"
-    --entrypoints.websecure.address=:443
-    --entrypoints.websecure.http.tls.certResolver=leresolver
+    --entryPoints.websecure.address=:443
+    --entryPoints.websecure.http.tls.certResolver=leresolver
     ```
 
 ## UDP Options
@@ -1002,8 +1063,8 @@ entryPoints:
 ```
 
 ```bash tab="CLI"
-entrypoints.foo.address=:8000/udp
-entrypoints.foo.udp.timeout=10s
+--entryPoints.foo.address=:8000/udp
+--entryPoints.foo.udp.timeout=10s
 ```
 
 {!traefik-for-business-applications.md!}

docs/content/routing/providers/consul-catalog.md

@@ -12,6 +12,14 @@ A Story of Tags, Services & Instances
 
 Attach tags to your services and let Traefik do the rest!
 
+One of the best feature of Traefik is to delegate the routing configuration to the application level.
+With Consul Catalog, Traefik can leverage tags attached to a service to generate routing rules.
+
+!!! warning "Tags & sensitive data"
+
+    We recommend to *not* use tags to store sensitive data (certificates, credentials, etc).
+    Instead, we recommend to store sensitive data in a safer storage (secrets, file, etc).
+
 ## Routing Configuration
 
 !!! info "tags"

docs/content/routing/providers/docker.md

@@ -12,9 +12,17 @@ A Story of Labels & Containers
 
 Attach labels to your containers and let Traefik do the rest!
 
+One of the best feature of Traefik is to delegate the routing configuration to the application level.
+With Docker, Traefik can leverage labels attached to a container to generate routing rules.
+
+!!! warning "Labels & sensitive data"
+
+    We recommend to *not* use labels to store sensitive data (certificates, credentials, etc).
+    Instead, we recommend to store sensitive data in a safer storage (secrets, file, etc).
+
 ## Configuration Examples
 
-??? example "Configuring Docker & Deploying / Exposing Services"
+??? example "Configuring Docker & Deploying / Exposing one Service"
 
     Enabling the docker provider
 
@@ -42,48 +50,7 @@ Attach labels to your containers and let Traefik do the rest!
           - traefik.http.routers.my-container.rule=Host(`example.com`)
     ```
 
-??? example "Specify a Custom Port for the Container"
-
-    Forward requests for `http://example.com` to `http://<private IP of container>:12345`:
-
-    ```yaml
-    version: "3"
-    services:
-      my-container:
-        # ...
-        labels:
-          - traefik.http.routers.my-container.rule=Host(`example.com`)
-          # Tell Traefik to use the port 12345 to connect to `my-container`
-          - traefik.http.services.my-service.loadbalancer.server.port=12345
-    ```
-
-    !!! important "Traefik Connecting to the Wrong Port: `HTTP/502 Gateway Error`"
-        By default, Traefik uses the first exposed port of a container.
-
-        Setting the label `traefik.http.services.xxx.loadbalancer.server.port`
-        overrides that behavior.
-
-??? example "Specifying more than one router and service per container"
-
-    Forwarding requests to more than one port on a container requires referencing the service loadbalancer port definition using the service parameter on the router.
-
-    In this example, requests are forwarded for `http://example-a.com` to `http://<private IP of container>:8000` in addition to `http://example-b.com` forwarding to `http://<private IP of container>:9000`:
-
-    ```yaml
-    version: "3"
-    services:
-      my-container:
-        # ...
-        labels:
-          - traefik.http.routers.www-router.rule=Host(`example-a.com`)
-          - traefik.http.routers.www-router.service=www-service
-          - traefik.http.services.www-service.loadbalancer.server.port=8000
-          - traefik.http.routers.admin-router.rule=Host(`example-b.com`)
-          - traefik.http.routers.admin-router.service=admin-service
-          - traefik.http.services.admin-service.loadbalancer.server.port=9000
-    ```
-
-??? example "Configuring Docker Swarm & Deploying / Exposing Services"
+??? example "Configuring Docker Swarm & Deploying / Exposing one Service"
 
     Enabling the docker provider (Swarm Mode)
 
@@ -114,7 +81,9 @@ Attach labels to your containers and let Traefik do the rest!
     --providers.docker.swarmMode=true
     ```
 
-    Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
+    Attach labels to services (not containers) while in Swarm mode (in your Docker compose file).
+    When there is only one service, and the router does not specify a service,
+    then that service is automatically assigned to the router.
 
     ```yaml
     version: "3"
@@ -131,6 +100,49 @@ Attach labels to your containers and let Traefik do the rest!
         Therefore, if you use a compose file with Swarm Mode, labels should be defined in the `deploy` part of your service.
         This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/compose-file-v3/#labels-1)).
 
+??? example "Specify a Custom Port for the Container"
+
+    Forward requests for `http://example.com` to `http://<private IP of container>:12345`:
+
+    ```yaml
+    version: "3"
+    services:
+      my-container:
+        # ...
+        labels:
+          - traefik.http.routers.my-container.rule=Host(`example.com`)
+          - traefik.http.routers.my-container.service=my-service"
+          # Tell Traefik to use the port 12345 to connect to `my-container`
+          - traefik.http.services.my-service.loadbalancer.server.port=12345
+    ```
+
+    !!! important "Traefik Connecting to the Wrong Port: `HTTP/502 Gateway Error`"
+        By default, Traefik uses the lowest exposed port of a container as detailed in
+        [Port Detection](../providers/docker.md#port-detection) of the Docker provider.
+
+        Setting the label `traefik.http.services.xxx.loadbalancer.server.port`
+        overrides this behavior.
+
+??? example "Specifying more than one router and service per container"
+
+    Forwarding requests to more than one port on a container requires referencing the service loadbalancer port definition using the service parameter on the router.
+
+    In this example, requests are forwarded for `http://example-a.com` to `http://<private IP of container>:8000` in addition to `http://example-b.com` forwarding to `http://<private IP of container>:9000`:
+
+    ```yaml
+    version: "3"
+    services:
+      my-container:
+        # ...
+        labels:
+          - traefik.http.routers.www-router.rule=Host(`example-a.com`)
+          - traefik.http.routers.www-router.service=www-service
+          - traefik.http.services.www-service.loadbalancer.server.port=8000
+          - traefik.http.routers.admin-router.rule=Host(`example-b.com`)
+          - traefik.http.routers.admin-router.service=admin-service
+          - traefik.http.services.admin-service.loadbalancer.server.port=9000
+    ```
+
 ## Routing Configuration
 
 !!! info "Labels"
@@ -149,7 +161,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
 
 --8<-- "content/routing/providers/service-by-label.md"
 
-??? example "Automatic service assignment with labels"
+??? example "Automatic assignment with one Service"
 
     With labels in a compose file
 
@@ -160,7 +172,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
       - "traefik.http.services.myservice.loadbalancer.server.port=80"
     ```
 
-??? example "Automatic service creation and assignment with labels"
+??? example "Automatic service creation with one Router"
 
     With labels in a compose file
 
@@ -171,6 +183,18 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
       - "traefik.http.routers.myproxy.rule=Host(`example.net`)"
     ```
 
+??? example "Explicit definition with one Service"
+
+    With labels in a compose file
+
+    ```yaml
+    labels:
+      - traefik.http.routers.www-router.rule=Host(`example-a.com`)
+      # Explicit link between the router and the service
+      - traefik.http.routers.www-router.service=www-service
+      - traefik.http.services.www-service.loadbalancer.server.port=8000
+    ```
+
 ### Routers
 
 To update the configuration of the Router automatically attached to the container,
@@ -460,7 +484,7 @@ More information about available middlewares in the dedicated [middlewares secti
 
 You can declare TCP Routers and/or Services using labels.
 
-??? example "Declaring TCP Routers and Services"
+??? example "Declaring TCP Routers with one Service"
 
     ```yaml
        services:
@@ -589,7 +613,7 @@ You can declare TCP Routers and/or Services using labels.
 
 You can declare UDP Routers and/or Services using labels.
 
-??? example "Declaring UDP Routers and Services"
+??? example "Declaring UDP Routers with one Service"
 
     ```yaml
        services:

docs/content/routing/providers/ecs.md

@@ -10,6 +10,14 @@ A Story of Labels & Elastic Containers
 
 Attach labels to your containers and let Traefik do the rest!
 
+One of the best feature of Traefik is to delegate the routing configuration to the application level.
+With ECS, Traefik can leverage labels attached to a container to generate routing rules.
+
+!!! warning "Labels & sensitive data"
+
+    We recommend to *not* use labels to store sensitive data (certificates, credentials, etc).
+    Instead, we recommend to store sensitive data in a safer storage (secrets, file, etc).
+
 ## Routing Configuration
 
 !!! info "labels"

docs/content/routing/providers/kubernetes-crd.md

@@ -48,14 +48,14 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
           serviceAccountName: traefik-ingress-controller
           containers:
             - name: traefik
-              image: traefik:v2.10
+              image: traefik:v2.11
               args:
                 - --log.level=DEBUG
                 - --api
                 - --api.insecure
-                - --entrypoints.web.address=:80
-                - --entrypoints.tcpep.address=:8000
-                - --entrypoints.udpep.address=:9000/udp
+                - --entryPoints.web.address=:80
+                - --entryPoints.tcpep.address=:8000
+                - --entryPoints.udpep.address=:9000/udp
                 - --providers.kubernetescrd
               ports:
                 - name: web
@@ -371,7 +371,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
 | [4]  | `routes[n].priority`           | Defines the [priority](../routers/index.md#priority) to disambiguate rules of the same length, for route matching                                                                                                                                                                            |
 | [5]  | `routes[n].middlewares`        | List of reference to [Middleware](#kind-middleware)                                                                                                                                                                                                                                          |
 | [6]  | `middlewares[n].name`          | Defines the [Middleware](#kind-middleware) name                                                                                                                                                                                                                                              |
-| [7]  | `middlewares[n].namespace`     | Defines the [Middleware](#kind-middleware) namespace                                                                                                                                                                                                                                         |
+| [7]  | `middlewares[n].namespace`     | Defines the [Middleware](#kind-middleware) namespace. It can be omitted when the Middleware is in the IngressRoute namespace.                                                                                                                                                                    |
 | [8]  | `routes[n].services`           | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup)                                                                     |
 | [9]  | `services[n].port`             | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port.                                                                                                                                       |
 | [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
@@ -897,15 +897,15 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
     
     spec:
       mirroring:
-        name: svc1
+        name: svc1                      # svc1 receives 100% of the traffic
         port: 80
         mirrors:
-          - name: svc2
+          - name: svc2                  # svc2 receives a copy of 20% of this traffic
             port: 80
             percent: 20
-          - name: svc3
+          - name: svc3                  # svc3 receives a copy of 15% of this traffic
             kind: TraefikService
-            percent: 20
+            percent: 15
     ```
     
     ```yaml tab="Mirroring Traefik Service"
@@ -918,15 +918,15 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
     
     spec:
       mirroring:
-        name: wrr1
+        name: wrr1                      # wrr1 receives 100% of the traffic
         kind: TraefikService
-         mirrors:
-           - name: svc2
-             port: 80
-             percent: 20
-           - name: svc3
-             kind: TraefikService
-             percent: 20
+        mirrors:
+          - name: svc2                  # svc2 receives a copy of 20% of this traffic
+            port: 80
+            percent: 20
+          - name: svc3                  # svc3 receives a copy of 10% of this traffic
+            kind: TraefikService
+            percent: 10
     ```
 
     ```yaml tab="K8s Service"

docs/content/routing/providers/kubernetes-gateway.md

@@ -233,7 +233,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
             - headers:                          # [11]
                 name: foo                       # [12]
                 value: bar                      # [13]
-        - backendRefs:                          # [14]
+          backendRefs:                          # [14]
             - name: whoamitcp                   # [15]
               weight: 1                         # [16]
               port: 8080                        # [17]
@@ -252,7 +252,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
 | [6]  | `rules`       | A list of HTTP matchers, filters and actions.                                                                                                                               |
 | [7]  | `matches`     | Conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. |
 | [8]  | `path`        | An HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided.                                                           |
-| [9]  | `type`        | Type of match against the path Value (supported types: `Exact`, `Prefix`).                                                                                                  |
+| [9]  | `type`        | Type of match against the path Value (supported types: `Exact`, `PathPrefix`).                                                                                              |
 | [10] | `value`       | The value of the HTTP path to match against.                                                                                                                                |
 | [11] | `headers`     | Conditions to select a HTTP route by matching HTTP request headers.                                                                                                         |
 | [12] | `type`        | Type of match for the HTTP request header match against the `values` (supported types: `Exact`).                                                                            |

docs/content/routing/providers/kubernetes-ingress.md

@@ -147,9 +147,9 @@ which in turn will create the resulting routers, services, handlers, etc.
           serviceAccountName: traefik-ingress-controller
           containers:
             - name: traefik
-              image: traefik:v2.10
+              image: traefik:v2.11
               args:
-                - --entrypoints.web.address=:80
+                - --entryPoints.web.address=:80
                 - --providers.kubernetesingress
               ports:
                 - name: web
@@ -396,8 +396,8 @@ TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entry
 
 ```bash tab="CLI"
 # Static configuration
---entrypoints.websecure.address=:443
---entrypoints.websecure.http.tls
+--entryPoints.websecure.address=:443
+--entryPoints.websecure.http.tls
 ```
 
 ```yaml tab="File (YAML)"
@@ -550,10 +550,10 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
           serviceAccountName: traefik-ingress-controller
           containers:
             - name: traefik
-              image: traefik:v2.10
+              image: traefik:v2.11
               args:
-                - --entrypoints.websecure.address=:443
-                - --entrypoints.websecure.http.tls
+                - --entryPoints.websecure.address=:443
+                - --entryPoints.websecure.http.tls
                 - --providers.kubernetesingress
               ports:
                 - name: websecure
@@ -760,9 +760,9 @@ For more options, please refer to the available [annotations](#on-ingress).
           serviceAccountName: traefik-ingress-controller
           containers:
             - name: traefik
-              image: traefik:v2.10
+              image: traefik:v2.11
               args:
-                - --entrypoints.websecure.address=:443
+                - --entryPoints.websecure.address=:443
                 - --providers.kubernetesingress
               ports:
                 - name: websecure

docs/content/routing/providers/nomad.md

@@ -12,6 +12,14 @@ A story of Tags, Services & Nomads
 
 Attach tags to your Nomad services and let Traefik do the rest!
 
+One of the best feature of Traefik is to delegate the routing configuration to the application level.
+With Nomad, Traefik can leverage tags attached to a service to generate routing rules.
+
+!!! warning "Tags & sensitive data"
+
+    We recommend to *not* use tags to store sensitive data (certificates, credentials, etc).
+    Instead, we recommend to store sensitive data in a safer storage (secrets, file, etc).
+
 ## Routing Configuration
 
 !!! info "tags"

docs/content/routing/providers/rancher.md

@@ -12,6 +12,14 @@ A Story of Labels, Services & Containers
 
 Attach labels to your services and let Traefik do the rest!
 
+One of the best feature of Traefik is to delegate the routing configuration to the application level.
+With Rancher, Traefik can leverage labels attached to a service to generate routing rules.
+
+!!! warning "Labels & sensitive data"
+
+    We recommend to *not* use labels to store sensitive data (certificates, credentials, etc).
+    Instead, we recommend to store sensitive data in a safer storage (secrets, file, etc).
+
 !!! important "This provider is specific to Rancher 1.x."
     
     Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query.

docs/content/routing/routers/index.md

@@ -146,9 +146,9 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
 
     ```bash tab="CLI"
     ## Static configuration
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
-    --entrypoints.other.address=:9090
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
+    --entryPoints.other.address=:9090
     ```
 
 ??? example "Listens to Specific EntryPoints"
@@ -204,9 +204,9 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
 
     ```bash tab="CLI"
     ## Static configuration
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
-    --entrypoints.other.address=:9090
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
+    --entryPoints.other.address=:9090
     ```
 
 ### Rule
@@ -293,6 +293,14 @@ To avoid path overlap, routes are sorted, by default, in descending order using
 
 A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used.
 
+??? warning "Maximum Value"
+  
+    Traefik reserves a range of priorities for its internal routers,
+    the maximum user-defined router priority value is:
+
+      - `(MaxInt32 - 1000)` for 32-bit platforms,
+      - `(MaxInt64 - 1000)` for 64-bit platforms.
+
 ??? info "How default priorities are computed"
 
     ```yaml tab="File (YAML)"
@@ -667,7 +675,8 @@ The [supported `provider` table](../../https/acme.md#providers) indicates if the
 
 ### General
 
-If both HTTP routers and TCP routers listen to the same entry points, the TCP routers will apply *before* the HTTP routers.
+For non-TLS connections, if HTTP and TCP routers listen on the same EntryPoint, the TCP routers will apply *before* the HTTP routers.
+For TLS connections, if HTTPS and TCP-TLS routers listen on the same EntryPoint, the HTTPS routers will apply *before* the TCP-TLS routers.
 If no matching route is found for the TCP routers, then the HTTP routers will take over.
 
 ### EntryPoints
@@ -747,9 +756,9 @@ If you want to limit the router scope to a set of entry points, set the entry po
 
     ```bash tab="CLI"
     ## Static configuration
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
-    --entrypoints.other.address=:9090
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
+    --entryPoints.other.address=:9090
     ```
 
 ??? example "Listens to Specific Entry Points"
@@ -811,9 +820,9 @@ If you want to limit the router scope to a set of entry points, set the entry po
 
     ```bash tab="CLI"
     ## Static configuration
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
-    --entrypoints.other.address=:9090
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
+    --entryPoints.other.address=:9090
     ```
 
 ### Rule
@@ -896,6 +905,14 @@ The priority is directly equal to the length of the rule, and so the longest len
 
 A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used.
 
+??? warning "Maximum Value"
+
+    Traefik reserves a range of priorities for its internal routers,
+    the maximum user-defined router priority value is:
+
+      - `(MaxInt32 - 1000)` for 32-bit platforms,
+      - `(MaxInt64 - 1000)` for 64-bit platforms.
+
 ??? info "How default priorities are computed"
 
     ```yaml tab="File (YAML)"
@@ -1263,9 +1280,9 @@ If one wants to limit the router scope to a set of entry points, one should set
 
     ```bash tab="CLI"
     ## Static configuration
-    --entrypoints.web.address=":80"
-    --entrypoints.other.address=":9090/udp"
-    --entrypoints.streaming.address=":9191/udp"
+    --entryPoints.web.address=":80"
+    --entryPoints.other.address=":9090/udp"
+    --entryPoints.streaming.address=":9191/udp"
     ```
 
 ??? example "Listens to Specific Entry Points"
@@ -1320,9 +1337,9 @@ If one wants to limit the router scope to a set of entry points, one should set
 
     ```bash tab="CLI"
     ## Static configuration
-    --entrypoints.web.address=":80"
-    --entrypoints.other.address=":9090/udp"
-    --entrypoints.streaming.address=":9191/udp"
+    --entryPoints.web.address=":80"
+    --entryPoints.other.address=":9090/udp"
+    --entryPoints.streaming.address=":9191/udp"
     ```
 
 ### Services

docs/content/routing/services/index.md

@@ -744,7 +744,7 @@ spec:
 
 #### `peerCertURI`
 
-_Optional, Default=false_
+_Optional, Default=""_
 
 `peerCertURI` defines the URI used to match against SAN URIs during the server's certificate verification.
 

docs/content/user-guides/crd-acme/03-deployments.yml

@@ -26,12 +26,12 @@ spec:
       serviceAccountName: traefik-ingress-controller
       containers:
         - name: traefik
-          image: traefik:v2.10
+          image: traefik:v2.11
           args:
             - --api.insecure
             - --accesslog
-            - --entrypoints.web.Address=:8000
-            - --entrypoints.websecure.Address=:4443
+            - --entryPoints.web.Address=:8000
+            - --entryPoints.websecure.Address=:4443
             - --providers.kubernetescrd
             - --certificatesresolvers.myresolver.acme.tlschallenge
             - --certificatesresolvers.myresolver.acme.email=foo@you.com

docs/content/user-guides/crd-acme/index.md

@@ -49,10 +49,10 @@ and the RBAC authorization resources which will be referenced through the `servi
 
 ```bash
 # Install Traefik Resource Definitions:
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
 
 # Install RBAC for Traefik:
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
 ```
 
 ### Services
@@ -60,7 +60,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/co
 Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
 
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/02-services.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/user-guides/crd-acme/02-services.yml
 ```
 
 ```yaml
@@ -73,7 +73,7 @@ Next, the deployments, i.e. the actual pods behind the services.
 Again, one pod for Traefik, and one for the whoami app.
 
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/03-deployments.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/user-guides/crd-acme/03-deployments.yml
 ```
 
 ```yaml
@@ -100,7 +100,7 @@ Look it up.
 We can now finally apply the actual ingressRoutes, with:
 
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/04-ingressroutes.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/user-guides/crd-acme/04-ingressroutes.yml
 ```
 
 ```yaml
@@ -126,7 +126,7 @@ Nowadays, TLS v1.0 and v1.1 are deprecated.
 In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
 
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/user-guides/crd-acme/05-tlsoption.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/user-guides/crd-acme/05-tlsoption.yml
 ```
 
 ```yaml