Prepare release v2.11.1

Adjust ECS network interface detection logic
Add a horizontal scroll for the mobile view
2025-09-06 05:44:21 +03:00 · 2024-04-10 11:52:03 +02:00 · 2024-04-10 10:42:04 +02:00 · 2024-04-10 10:22:11 +02:00 · 2024-04-10 09:50:04 +02:00 · 2024-04-09 13:12:04 +02:00
722 changed files with 24767 additions and 22808 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,5 +1,5 @@
 dist/
-!dist/traefik
+!dist/**/traefik
 site/
 vendor/
 .idea/
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -2,11 +2,11 @@
 PLEASE READ THIS MESSAGE.

 Documentation fixes or enhancements:
- for Traefik v2: use branch v2.10
+- for Traefik v2: use branch v2.11
 - for Traefik v3: use branch v3.0

 Bug fixes:
- for Traefik v2: use branch v2.10
+- for Traefik v2: use branch v2.11
 - for Traefik v3: use branch v3.0

 Enhancements:
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -6,18 +6,17 @@ on:
      - '*'

 env:
-  GO_VERSION: '1.20'
+  GO_VERSION: '1.22'
  CGO_ENABLED: 0
-  IN_DOCKER: ""

 jobs:

  build-webui:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04

    steps:
      - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

@@ -27,7 +26,7 @@ jobs:
          tar czvf webui.tar.gz ./webui/static/

      - name: Artifact webui
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
        with:
          name: webui.tar.gz
          path: webui.tar.gz
@@ -36,41 +35,25 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        os: [ ubuntu-20.04, macos-latest, windows-latest ]
+        os: [ ubuntu-22.04, macos-latest, windows-latest ]
    needs:
      - build-webui
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik

    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}

-      - name: Check out code
-        uses: actions/checkout@v2
-        with:
-          path: go/src/github.com/traefik/traefik
-          fetch-depth: 0
-
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-            ~/Library/Caches/go-build
-            '%LocalAppData%\go-build'
-          key: ${{ runner.os }}-build-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-build-go-
-
      - name: Artifact webui
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v4
        with:
          name: webui.tar.gz
-          path: ${{ github.workspace }}/go/src/github.com/traefik/traefik

      - name: Untar webui
        run: tar xvf webui.tar.gz
--- a/.github/workflows/check_doc.yml
+++ b/.github/workflows/check_doc.yml
@@ -9,11 +9,11 @@ jobs:

  docs:
    name: Check, verify and build documentation
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04

    steps:
      - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,70 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - master
+      - v*
+  schedule:
+    - cron: '11 22 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript', 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: setup go
+      uses: actions/setup-go@v5
+      if: ${{ matrix.language == 'go' }}
+      with:
+        go-version-file: 'go.mod'
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -14,12 +14,12 @@ jobs:

  docs:
    name: Doc Process
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
    if: github.repository == 'traefik/traefik'

    steps:
      - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

--- a/.github/workflows/experimental.yaml
+++ b/.github/workflows/experimental.yaml
@@ -6,32 +6,54 @@ on:
      - master
      - v*

+env:
+  GO_VERSION: '1.22'
+  CGO_ENABLED: 0
+
 jobs:

  experimental:
    if: github.repository == 'traefik/traefik'
    name: Build experimental image on branch
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04

    steps:

      # https://github.com/marketplace/actions/checkout
      - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0

+      - name: Build webui
+        run: |
+          make clean-webui generate-webui
+
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Build
+        run: make generate binary
+
      - name: Branch name
        run: echo ${GITHUB_REF##*/}

-      - name: Build docker experimental image
-        run: docker build -t traefik/traefik:experimental-${GITHUB_REF##*/} -f exp.Dockerfile .
-
      - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

-      - name: Push to Docker Hub
-        run: docker push traefik/traefik:experimental-${GITHUB_REF##*/}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build docker experimental image
+        env:
+          DOCKER_BUILDX_ARGS: "--push"
+        run: |
+          make multi-arch-image-experimental-${GITHUB_REF##*/}
--- a/.github/workflows/test-integration.yaml
+++ b/.github/workflows/test-integration.yaml
@@ -0,0 +1,75 @@
+name: Test Integration
+
+on:
+  pull_request:
+    branches:
+      - '*'
+  push:
+    branches:
+      - 'gh-actions'
+
+env:
+  GO_VERSION: '1.22'
+  CGO_ENABLED: 0
+
+jobs:
+
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Avoid generating webui
+        run: touch webui/static/index.html
+
+      - name: Build binary
+        run: make binary
+
+  test-integration:
+    runs-on: ubuntu-22.04
+    needs:
+      - build
+    strategy:
+      fail-fast: true
+      matrix:
+        parallel: [12]
+        index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 , 11]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Avoid generating webui
+        run: touch webui/static/index.html
+
+      - name: Build binary
+        run: make binary
+
+      - name: Generate go test Slice
+        id: test_split
+        uses: hashicorp-forge/go-test-split-action@v1
+        with:
+          packages: ./integration
+          total: ${{ matrix.parallel }}
+          index: ${{ matrix.index }}
+
+      - name: Run Integration tests
+        run: |
+          TESTS=$(echo "${{ steps.test_split.outputs.run}}" | sed 's/\$/\$\$/g')
+          TESTFLAGS="-run \"${TESTS}\"" make test-integration
--- a/.github/workflows/test-unit.yaml
+++ b/.github/workflows/test-unit.yaml
@@ -6,38 +6,23 @@ on:
      - '*'

 env:
-  GO_VERSION: '1.20'
-  IN_DOCKER: ""
+  GO_VERSION: '1.22'

 jobs:

  test-unit:
-    runs-on: ubuntu-20.04
-
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
+    runs-on: ubuntu-22.04

    steps:
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
      - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
        with:
-          path: go/src/github.com/traefik/traefik
          fetch-depth: 0

-      - name: Cache Go modules
-        uses: actions/cache@v3
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-test-unit-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-test-unit-go-
+          go-version: ${{ env.GO_VERSION }}

      - name: Avoid generating webui
        run: touch webui/static/index.html
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@@ -6,40 +6,25 @@ on:
      - '*'

 env:
-  GO_VERSION: '1.20'
-  GOLANGCI_LINT_VERSION: v1.52.2
-  MISSSPELL_VERSION: v0.4.0
-  IN_DOCKER: ""
+  GO_VERSION: '1.22'
+  GOLANGCI_LINT_VERSION: v1.57.0
+  MISSSPELL_VERSION: v0.4.1

 jobs:

  validate:
-    runs-on: ubuntu-20.04
-
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
+    runs-on: ubuntu-22.04

    steps:
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
      - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
        with:
-          path: go/src/github.com/traefik/traefik
          fetch-depth: 0

-      - name: Cache Go modules
-        uses: actions/cache@v3
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-validate-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-validate-go-
+          go-version: ${{ env.GO_VERSION }}

      - name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
@@ -54,36 +39,22 @@ jobs:
        run: make validate

  validate-generate:
-    runs-on: ubuntu-20.04
-
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
+    runs-on: ubuntu-22.04

    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}

-      - name: Check out code
-        uses: actions/checkout@v2
-        with:
-          path: go/src/github.com/traefik/traefik
-          fetch-depth: 0
-
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-validate-generate-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-validate-generate-go-
-
      - name: go generate
        run: |
-          go generate
+          make generate
          git diff --exit-code

      - name: go mod tidy
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,8 +1,5 @@
 run:
  timeout: 10m
-  skip-files: []
-  skip-dirs:
-    - pkg/provider/kubernetes/crd/generated/

 linters-settings:
  govet:
@@ -26,10 +23,13 @@ linters-settings:
      - ^spew\.Print(f|ln)?$
      - ^spew\.Dump$
  depguard:
-    list-type: denylist
-    include-go-root: false
-    packages:
-      - github.com/pkg/errors
+    rules:
+      main:
+        deny:
+          - pkg: "github.com/instana/testify"
+            desc: not allowed
+          - pkg: "github.com/pkg/errors"
+            desc: Should be replaced by standard lib errors package
  godox:
    keywords:
      - FIXME
@@ -143,11 +143,16 @@ linters-settings:
  gomoddirectives:
    replace-allow-list:
      - github.com/abbot/go-http-auth
-      - github.com/go-check/check
      - github.com/gorilla/mux
      - github.com/mailgun/minheap
      - github.com/mailgun/multibuf
      - github.com/jaguilar/vt100
+      - github.com/cucumber/godog
+  testifylint:
+    disable:
+      - suite-dont-use-pkg
+      - require-error
+      - go-require

 linters:
  enable-all: true
@@ -199,11 +204,16 @@ linters:
    - containedctx # too many false-positive
    - maintidx # kind of duplicate of gocyclo
    - nonamedreturns # Too strict
+    - gosmopolitan  # not relevant
+    - exportloopref # Useless with go1.22
+    - musttag

 issues:
  exclude-use-default: false
-  max-per-linter: 0
+  max-issues-per-linter: 0
  max-same-issues: 0
+  exclude-dirs:
+    - pkg/provider/kubernetes/crd/generated/
  exclude:
    - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
    - "should have a package comment, unless it's in another file for this package"
@@ -216,6 +226,7 @@ issues:
    - 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
    - 'SA1019: c.Providers.Consul.Namespace is deprecated'
    - 'SA1019: c.Providers.Nomad.Namespace is deprecated'
+    - 'fmt.Sprintf can be replaced with string'
  exclude-rules:
    - path: '(.+)_test.go'
      linters:
--- a/.goreleaser.yml.tmpl
+++ b/.goreleaser.yml.tmpl
@@ -1,8 +1,12 @@
 project_name: traefik

+dist: "./dist/[[ .GOOS ]]"
+
+[[ if eq .GOOS "linux" ]]
 before:
  hooks:
    - go generate
+[[ end ]]

 builds:
  - binary: traefik
@@ -15,11 +19,7 @@ builds:
    flags:
      - -trimpath
    goos:
-      - linux
-      - darwin
-      - windows
-      - freebsd
-      - openbsd
+      - "[[ .GOOS ]]"
    goarch:
      - amd64
      - '386'
@@ -27,6 +27,7 @@ builds:
      - arm64
      - ppc64le
      - s390x
+      - riscv64
    goarm:
      - '7'
      - '6'
@@ -45,7 +46,7 @@ builds:
        goarch: arm

 changelog:
-  skip: true
+  disable: true

 archives:
  - id: traefik
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -3,7 +3,7 @@ name: Traefik
 agent:
  machine:
    type: e1-standard-4
-    os_image: ubuntu1804
+    os_image: ubuntu2004

 fail_fast:
  stop:
@@ -19,36 +19,18 @@ global_job_config:
  prologue:
    commands:
      - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
-      - sudo semgo go1.20
+      - sudo semgo go1.22
      - export "GOPATH=$(go env GOPATH)"
      - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
      - export "PATH=${GOPATH}/bin:${PATH}"
      - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
      - export GOPROXY=https://proxy.golang.org,direct
-      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.52.2
+      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.57.0
      - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
      - checkout
      - cache restore traefik-$(checksum go.sum)

 blocks:
-  - name: Test Integration
-    dependencies: []
-    run:
-      when: "branch =~ '.*' OR pull_request =~'.*'"
-    task:
-      jobs:
-        - name: Test Integration
-          commands:
-            - make pull-images
-            - touch webui/static/index.html # Avoid generating webui
-            - IN_DOCKER="" make binary
-            - make test-integration
-            - df -h
-      epilogue:
-        always:
-          commands:
-            - cache store traefik-$(checksum go.sum) $HOME/go/pkg/mod
-
  - name: Release
    dependencies: []
    run:
@@ -57,27 +39,25 @@ blocks:
      agent:
        machine:
          type: e1-standard-8
-          os_image: ubuntu1804
+          os_image: ubuntu2004
      secrets:
        - name: traefik
      env_vars:
        - name: GH_VERSION
-          value: 1.12.1
+          value: 2.32.1
        - name: CODENAME
-          value: "saintmarcelin"
-        - name: IN_DOCKER
-          value: ""
+          value: "mimolette"
      prologue:
        commands:
          - export VERSION=${SEMAPHORE_GIT_TAG_NAME}
          - curl -sSL -o /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz
          - tar -zxvf /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz -C /tmp
          - sudo mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin/gh
-          - sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox # Remove unnecessary data.
+          - sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox /usr/lib/google-cloud-sdk ~/.rbenv ~/.pip_download_cache # Remove unnecessary data.
          - sudo service docker stop && sudo umount /var/lib/docker && sudo service docker start # Unmounts the docker disk and the whole system disk is usable.
      jobs:
        - name: Release
          commands:
            - make release-packages
-            - gh release create ${SEMAPHORE_GIT_TAG_NAME} ./dist/traefik*.* --repo traefik/traefik --title ${SEMAPHORE_GIT_TAG_NAME} --notes ${SEMAPHORE_GIT_TAG_NAME}
+            - gh release create ${SEMAPHORE_GIT_TAG_NAME} ./dist/**/traefik*.{zip,tar.gz} ./dist/traefik*.{tar.gz,txt} --repo traefik/traefik --title ${SEMAPHORE_GIT_TAG_NAME} --notes ${SEMAPHORE_GIT_TAG_NAME}
            - ./script/deploy.sh
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,214 @@
+## [v2.11.1](https://github.com/traefik/traefik/tree/v2.11.1) (2024-04-10)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.0...v2.11.1)
+
+**Bug fixes:**
+- **[acme,tls]** Enforce handling of ACME-TLS/1 challenges ([#10536](https://github.com/traefik/traefik/pull/10536) by [rtribotte](https://github.com/rtribotte))
+- **[acme]** Update go-acme/lego to v4.16.1 ([#10508](https://github.com/traefik/traefik/pull/10508) by [ldez](https://github.com/ldez))
+- **[acme]** Close created file in ACME local store CheckFile func ([#10574](https://github.com/traefik/traefik/pull/10574) by [testwill](https://github.com/testwill))
+- **[docker,http3]** Update to quic-go v0.42.0 and docker/cli v24.0.9 ([#10572](https://github.com/traefik/traefik/pull/10572) by [mloiseleur](https://github.com/mloiseleur))
+- **[docker,marathon,rancher,ecs,tls,nomad]** Allow to configure TLSStore default generated certificate with labels ([#10439](https://github.com/traefik/traefik/pull/10439) by [kevinpollet](https://github.com/kevinpollet))
+- **[ecs]** Adjust ECS network interface detection logic ([#10550](https://github.com/traefik/traefik/pull/10550) by [amaxine](https://github.com/amaxine))
+- **[logs,tls]** Fix log when default TLSStore and TLSOptions are defined multiple times ([#10499](https://github.com/traefik/traefik/pull/10499) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Allow empty replacement with ReplacePathRegex middleware ([#10538](https://github.com/traefik/traefik/pull/10538) by [rtribotte](https://github.com/rtribotte))
+- **[plugins]** Update Yaegi to v0.16.1 ([#10565](https://github.com/traefik/traefik/pull/10565) by [ldez](https://github.com/ldez))
+- **[provider,rules]** Don&#39;t allow routers higher than internal ones ([#10428](https://github.com/traefik/traefik/pull/10428) by [ldez](https://github.com/ldez))
+- **[rules]** Reserve priority range for internal routers ([#10541](https://github.com/traefik/traefik/pull/10541) by [youkoulayley](https://github.com/youkoulayley))
+- **[server,tcp]** Introduce Lingering Timeout ([#10569](https://github.com/traefik/traefik/pull/10569) by [rtribotte](https://github.com/rtribotte))
+- **[tcp]** Enforce failure for TCP HostSNI with hostname ([#10540](https://github.com/traefik/traefik/pull/10540) by [youkoulayley](https://github.com/youkoulayley))
+- **[tracing]** Bump Elastic APM to v2.4.8 ([#10512](https://github.com/traefik/traefik/pull/10512) by [rtribotte](https://github.com/rtribotte))
+- **[webui]** Fix dashboard exposition through a router ([#10518](https://github.com/traefik/traefik/pull/10518) by [mmatur](https://github.com/mmatur))
+- **[webui]** Display IPAllowlist middleware configuration in dashboard ([#10459](https://github.com/traefik/traefik/pull/10459) by [youkoulayley](https://github.com/youkoulayley))
+- **[webui]** Make text more readable in dark mode ([#10473](https://github.com/traefik/traefik/pull/10473) by [hood](https://github.com/hood))
+- **[webui]** Migrate to Quasar 2.x and Vue.js 3.x ([#10416](https://github.com/traefik/traefik/pull/10416) by [andsarr](https://github.com/andsarr))
+- **[webui]** Add a horizontal scroll for the mobile view ([#10480](https://github.com/traefik/traefik/pull/10480) by [framebassman](https://github.com/framebassman))
+
+**Documentation:**
+- **[acme]** Update gandiv5 env variable in providers table ([#10506](https://github.com/traefik/traefik/pull/10506) by [dominiwe](https://github.com/dominiwe))
+- **[acme]** Fix multiple dns provider documentation ([#10496](https://github.com/traefik/traefik/pull/10496) by [mmatur](https://github.com/mmatur))
+- **[docker]** Fix paragraph in entrypoints and Docker docs ([#10491](https://github.com/traefik/traefik/pull/10491) by [luigir-it](https://github.com/luigir-it))
+- **[k8s]** Improve middleware example ([#10532](https://github.com/traefik/traefik/pull/10532) by [mloiseleur](https://github.com/mloiseleur))
+- **[metrics]** Fix host header mention in prometheus metrics doc ([#10502](https://github.com/traefik/traefik/pull/10502) by [MorphBonehunter](https://github.com/MorphBonehunter))
+- **[metrics]** Fix typo in statsd metrics docs ([#10437](https://github.com/traefik/traefik/pull/10437) by [xpac1985](https://github.com/xpac1985))
+- **[middleware]** Improve excludedIPs example with IPWhiteList and IPAllowList middleware ([#10554](https://github.com/traefik/traefik/pull/10554) by [mloiseleur](https://github.com/mloiseleur))
+- **[nomad]** Improve documentation about Nomad ACL minimum rights ([#10482](https://github.com/traefik/traefik/pull/10482) by [Thadir](https://github.com/Thadir))
+- **[server]** Add specification for TCP TLS routers in documentation ([#10510](https://github.com/traefik/traefik/pull/10510) by [shivanipawar00](https://github.com/shivanipawar00))
+- **[tls]** Fix default value for peerCertURI option ([#10470](https://github.com/traefik/traefik/pull/10470) by [marcmognol](https://github.com/marcmognol))
+- Update releases page ([#10449](https://github.com/traefik/traefik/pull/10449) by [ldez](https://github.com/ldez))
+- Update releases page ([#10443](https://github.com/traefik/traefik/pull/10443) by [ldez](https://github.com/ldez))
+- Add youkoulayley to maintainers ([#10517](https://github.com/traefik/traefik/pull/10517) by [emilevauge](https://github.com/emilevauge))
+- Add sdelicata to maintainers ([#10515](https://github.com/traefik/traefik/pull/10515) by [emilevauge](https://github.com/emilevauge))
+
+**Misc:**
+- **[webui]** Modify the Hub Button ([#10583](https://github.com/traefik/traefik/pull/10583) by [mdeliatf](https://github.com/mdeliatf))
+
+## [v2.11.0](https://github.com/traefik/traefik/tree/v2.11.0) (2024-02-12)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0)
+
+**Enhancements:**
+- **[middleware]** Deprecate IPWhiteList middleware in favor of IPAllowList ([#10249](https://github.com/traefik/traefik/pull/10249) by [lbenguigui](https://github.com/lbenguigui))
+- **[redis]** Add Redis Sentinel support ([#10245](https://github.com/traefik/traefik/pull/10245) by [youkoulayley](https://github.com/youkoulayley))
+- **[server]** Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints ([#10247](https://github.com/traefik/traefik/pull/10247) by [juliens](https://github.com/juliens))
+- **[sticky-session]** Hash WRR sticky cookies ([#10243](https://github.com/traefik/traefik/pull/10243) by [youkoulayley](https://github.com/youkoulayley))
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.15.0 ([#10392](https://github.com/traefik/traefik/pull/10392) by [ldez](https://github.com/ldez))
+- **[authentication]** Fix NTLM and Kerberos ([#10405](https://github.com/traefik/traefik/pull/10405) by [juliens](https://github.com/juliens))
+- **[file]** Fix file watcher ([#10420](https://github.com/traefik/traefik/pull/10420) by [juliens](https://github.com/juliens))
+- **[file]** Update github.com/fsnotify/fsnotify to v1.7.0 ([#10313](https://github.com/traefik/traefik/pull/10313) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.40.1 ([#10296](https://github.com/traefik/traefik/pull/10296) by [ldez](https://github.com/ldez))
+- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley))
+- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell))
+- **[server]** Fix ReadHeaderTimeout for PROXY protocol ([#10320](https://github.com/traefik/traefik/pull/10320) by [juliens](https://github.com/juliens))
+- **[webui]** Fixes the Header Button ([#10395](https://github.com/traefik/traefik/pull/10395) by [mdeliatf](https://github.com/mdeliatf))
+- **[webui]** Fix URL encode resource&#39;s id before calling API endpoints ([#10292](https://github.com/traefik/traefik/pull/10292) by [andsarr](https://github.com/andsarr))
+
+**Documentation:**
+- **[acme]** Fix TLS challenge explanation ([#10293](https://github.com/traefik/traefik/pull/10293) by [cavokz](https://github.com/cavokz))
+- **[docker]** Update wording of compose example ([#10276](https://github.com/traefik/traefik/pull/10276) by [svx](https://github.com/svx))
+- **[docker,acme]** Fix typo ([#10294](https://github.com/traefik/traefik/pull/10294) by [youpsla](https://github.com/youpsla))
+- **[ecs]** Mention ECS as supported backend ([#10393](https://github.com/traefik/traefik/pull/10393) by [aleyrizvi](https://github.com/aleyrizvi))
+- **[k8s/crd]** Adjust deprecation notice for Kubernetes CRD provider ([#10317](https://github.com/traefik/traefik/pull/10317) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Update the documentation for RateLimit to provide a better example ([#10298](https://github.com/traefik/traefik/pull/10298) by [rmburton](https://github.com/rmburton))
+- **[server]** Fix the keepAlive options for the CLI examples ([#10398](https://github.com/traefik/traefik/pull/10398) by [immanuelfodor](https://github.com/immanuelfodor))
+- Prepare release v2.11.0-rc2 ([#10384](https://github.com/traefik/traefik/pull/10384) by [rtribotte](https://github.com/rtribotte))
+- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski))
+- Prepare release v2.11.0-rc1 ([#10326](https://github.com/traefik/traefik/pull/10326) by [mmatur](https://github.com/mmatur))
+- Fix description for anonymous usage statistics references ([#10287](https://github.com/traefik/traefik/pull/10287) by [ariyonaty](https://github.com/ariyonaty))
+- Documentation enhancements ([#10261](https://github.com/traefik/traefik/pull/10261) by [svx](https://github.com/svx))
+
+## [v2.11.0-rc2](https://github.com/traefik/traefik/tree/v2.11.0-rc2) (2024-01-24)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0-rc2)
+
+**Bug fixes:**
+- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley))
+- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell))
+
+**Documentation:**
+- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski))
+
+## [v2.11.0-rc1](https://github.com/traefik/traefik/tree/v2.11.0-rc1) (2024-01-02)
+[All Commits](https://github.com/traefik/traefik/compare/0a7964300166d167f68d5502bc245b3b9c8842b4...v2.11.0-rc1)
+
+**Enhancements:**
+- **[middleware]** Deprecate IPWhiteList middleware in favor of IPAllowList ([#10249](https://github.com/traefik/traefik/pull/10249) by [lbenguigui](https://github.com/lbenguigui))
+- **[redis]** Add Redis Sentinel support ([#10245](https://github.com/traefik/traefik/pull/10245) by [youkoulayley](https://github.com/youkoulayley))
+- **[server]** Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints ([#10247](https://github.com/traefik/traefik/pull/10247) by [juliens](https://github.com/juliens))
+- **[sticky-session]** Hash WRR sticky cookies ([#10243](https://github.com/traefik/traefik/pull/10243) by [youkoulayley](https://github.com/youkoulayley))
+
+**Bug fixes:**
+- **[file]** Update github.com/fsnotify/fsnotify to v1.7.0 ([#10313](https://github.com/traefik/traefik/pull/10313) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.40.1 ([#10296](https://github.com/traefik/traefik/pull/10296) by [ldez](https://github.com/ldez))
+- **[server]** Fix ReadHeaderTimeout for PROXY protocol ([#10320](https://github.com/traefik/traefik/pull/10320) by [juliens](https://github.com/juliens))
+
+**Documentation:**
+- **[acme]** Fix TLS challenge explanation ([#10293](https://github.com/traefik/traefik/pull/10293) by [cavokz](https://github.com/cavokz))
+- **[docker,acme]** Fix typo ([#10294](https://github.com/traefik/traefik/pull/10294) by [youpsla](https://github.com/youpsla))
+- **[docker]** Update wording of compose example ([#10276](https://github.com/traefik/traefik/pull/10276) by [svx](https://github.com/svx))
+- **[k8s/crd]** Adjust deprecation notice for Kubernetes CRD provider ([#10317](https://github.com/traefik/traefik/pull/10317) by [rtribotte](https://github.com/rtribotte))
+- Fix description for anonymous usage statistics references ([#10287](https://github.com/traefik/traefik/pull/10287) by [ariyonaty](https://github.com/ariyonaty))
+- Documentation enhancements ([#10261](https://github.com/traefik/traefik/pull/10261) by [svx](https://github.com/svx))
+
+## [v2.10.7](https://github.com/traefik/traefik/tree/v2.10.7) (2023-12-06)
+[All Commits](https://github.com/traefik/traefik/compare/v2.10.6...v2.10.7)
+
+**Bug fixes:**
+- **[logs]** Fixed datadog logs json format issue ([#10233](https://github.com/traefik/traefik/pull/10233) by [sssash18](https://github.com/sssash18))
+
+## [v2.10.6](https://github.com/traefik/traefik/tree/v2.10.6) (2023-11-28)
+[All Commits](https://github.com/traefik/traefik/compare/v2.10.5...v2.10.6)
+
+**Bug fixes:**
+- **[acme]** Remove backoff for http challenge ([#10224](https://github.com/traefik/traefik/pull/10224) by [youkoulayley](https://github.com/youkoulayley))
+- **[consul,consulcatalog]** Update github.com/hashicorp/consul/api ([#10220](https://github.com/traefik/traefik/pull/10220) by [kevinpollet](https://github.com/kevinpollet))
+- **[http3]** Update quic-go to v0.39.1 ([#10171](https://github.com/traefik/traefik/pull/10171) by [tomMoulard](https://github.com/tomMoulard))
+- **[middleware]** Fix stripPrefix middleware is not applied to retried attempts ([#10255](https://github.com/traefik/traefik/pull/10255) by [niki-timofe](https://github.com/niki-timofe))
+- **[provider]** Refuse recursive requests ([#10242](https://github.com/traefik/traefik/pull/10242) by [rtribotte](https://github.com/rtribotte))
+- **[server]** Deny request with fragment in URL path ([#10229](https://github.com/traefik/traefik/pull/10229) by [lbenguigui](https://github.com/lbenguigui))
+- **[tracing]** Remove deprecated code usage for datadog tracer ([#10196](https://github.com/traefik/traefik/pull/10196) by [mmatur](https://github.com/mmatur))
+
+**Documentation:**
+- **[governance]** Update the review process and maintainers team documentation ([#10230](https://github.com/traefik/traefik/pull/10230) by [geraldcroes](https://github.com/geraldcroes))
+- **[governance]** Guidelines Update ([#10197](https://github.com/traefik/traefik/pull/10197) by [geraldcroes](https://github.com/geraldcroes))
+- **[metrics]** Add a mention for the host header in metrics headers labels doc ([#10172](https://github.com/traefik/traefik/pull/10172) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Rephrase BasicAuth and DigestAuth docs ([#10226](https://github.com/traefik/traefik/pull/10226) by [sssash18](https://github.com/sssash18))
+- **[middleware]** Improve ErrorPages examples ([#10209](https://github.com/traefik/traefik/pull/10209) by [arendhummeling](https://github.com/arendhummeling))
+- Add @lbenguigui to maintainers ([#10222](https://github.com/traefik/traefik/pull/10222) by [kevinpollet](https://github.com/kevinpollet))
+
+## [v2.10.5](https://github.com/traefik/traefik/tree/v2.10.5) (2023-10-11)
+[All Commits](https://github.com/traefik/traefik/compare/v2.10.4...v2.10.5)
+
+**Bug fixes:**
+- **[accesslogs]** Move origin fields capture to service level ([#10126](https://github.com/traefik/traefik/pull/10126) by [rtribotte](https://github.com/rtribotte))
+- **[accesslogs]** Fix preflight response status in access logs ([#10142](https://github.com/traefik/traefik/pull/10142) by [rtribotte](https://github.com/rtribotte))
+- **[acme]** Update go-acme/lego to v4.14.0 ([#10087](https://github.com/traefik/traefik/pull/10087) by [ldez](https://github.com/ldez))
+- **[acme]** Update go-acme/lego to v4.13.3 ([#10077](https://github.com/traefik/traefik/pull/10077) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.37.5 ([#10083](https://github.com/traefik/traefik/pull/10083) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.39.0 ([#10137](https://github.com/traefik/traefik/pull/10137) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.37.6 ([#10085](https://github.com/traefik/traefik/pull/10085) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.38.0 ([#10086](https://github.com/traefik/traefik/pull/10086) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.38.1 ([#10090](https://github.com/traefik/traefik/pull/10090) by [ldez](https://github.com/ldez))
+- **[kv]** Ignore ErrKeyNotFound error for the KV provider ([#10082](https://github.com/traefik/traefik/pull/10082) by [sunyakun](https://github.com/sunyakun))
+- **[middleware,authentication]** Adjust forward auth to avoid connection leak ([#10096](https://github.com/traefik/traefik/pull/10096) by [wdhongtw](https://github.com/wdhongtw))
+- **[middleware,server]** Improve CNAME flattening to avoid unnecessary error logging ([#10128](https://github.com/traefik/traefik/pull/10128) by [niallnsec](https://github.com/niallnsec))
+- **[middleware]** Allow X-Forwarded-For delete operation ([#10132](https://github.com/traefik/traefik/pull/10132) by [rtribotte](https://github.com/rtribotte))
+- **[server]** Update x/net and grpc/grpc-go ([#10161](https://github.com/traefik/traefik/pull/10161) by [rtribotte](https://github.com/rtribotte))
+- **[webui]** Add missing accessControlAllowOriginListRegex to middleware view ([#10157](https://github.com/traefik/traefik/pull/10157) by [DBendit](https://github.com/DBendit))
+- Fix false positive in url anonymization ([#10138](https://github.com/traefik/traefik/pull/10138) by [jspdown](https://github.com/jspdown))
+
+**Documentation:**
+- **[acme]** Change Arvancloud URL ([#10115](https://github.com/traefik/traefik/pull/10115) by [sajjadjafaribojd](https://github.com/sajjadjafaribojd))
+- **[acme]** Correct minor typo in crd-acme docs ([#10067](https://github.com/traefik/traefik/pull/10067) by [ayyron-lmao](https://github.com/ayyron-lmao))
+- **[healthcheck]** Remove healthcheck interval configuration warning ([#10068](https://github.com/traefik/traefik/pull/10068) by [rtribotte](https://github.com/rtribotte))
+- **[kv,redis]** Docs describe the missing db parameter in redis provider ([#10052](https://github.com/traefik/traefik/pull/10052) by [tokers](https://github.com/tokers))
+- **[middleware]** Doc fix accessControlAllowHeaders examples ([#10121](https://github.com/traefik/traefik/pull/10121) by [ebuildy](https://github.com/ebuildy))
+- Updates business callout in the documentation ([#10122](https://github.com/traefik/traefik/pull/10122) by [tomatokoolaid](https://github.com/tomatokoolaid))
+
+## [v2.10.4](https://github.com/traefik/traefik/tree/v2.10.4) (2023-07-24)
+[All Commits](https://github.com/traefik/traefik/compare/v2.10.3...v2.10.4)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.13.2 ([#10036](https://github.com/traefik/traefik/pull/10036) by [ldez](https://github.com/ldez))
+- **[acme]** Update go-acme/lego to v4.13.0 ([#10029](https://github.com/traefik/traefik/pull/10029) by [ldez](https://github.com/ldez))
+- **[k8s/ingress,k8s]** fix: avoid panic on resource backends ([#10023](https://github.com/traefik/traefik/pull/10023) by [ldez](https://github.com/ldez))
+- **[middleware,tracing,plugins]** fix: traceability of the middleware plugins ([#10028](https://github.com/traefik/traefik/pull/10028) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- Update maintainers guidelines ([#9981](https://github.com/traefik/traefik/pull/9981) by [geraldcroes](https://github.com/geraldcroes))
+- Update release documentation ([#9975](https://github.com/traefik/traefik/pull/9975) by [rtribotte](https://github.com/rtribotte))
+
+**Misc:**
+- **[webui]** Updates the Hub tooltip content using a web component and adds an option to disable Hub button ([#10008](https://github.com/traefik/traefik/pull/10008) by [mdeliatf](https://github.com/mdeliatf))
+
+## [v2.10.3](https://github.com/traefik/traefik/tree/v2.10.3) (2023-06-17)
+[All Commits](https://github.com/traefik/traefik/compare/v2.10.2...v2.10.3)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.12.2 ([#9935](https://github.com/traefik/traefik/pull/9971) by [ldez](https://github.com/ldez))
+
+## [v2.10.2](https://github.com/traefik/traefik/tree/v2.10.2) (2023-06-17)
+[All Commits](https://github.com/traefik/traefik/compare/v2.10.1...v2.10.2)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.12.1 ([#9935](https://github.com/traefik/traefik/pull/9935) by [ldez](https://github.com/ldez))
+- **[acme]** Update go-acme/lego to v4.12.0 ([#9918](https://github.com/traefik/traefik/pull/9918) by [ldez](https://github.com/ldez))
+- **[acme]** Update go-acme/lego to v4.11.0 ([#9883](https://github.com/traefik/traefik/pull/9883) by [ldez](https://github.com/ldez))
+- **[acme]** Do not check for wildcard domains for non DNS challenge ([#9881](https://github.com/traefik/traefik/pull/9881) by [erkexzcx](https://github.com/erkexzcx))
+- **[k8s/crd]** Fix multiple subsets endpoint ([#9914](https://github.com/traefik/traefik/pull/9914) by [joaosilva15](https://github.com/joaosilva15))
+- **[k8s/ingress,k8s/crd,k8s,hub]** Clean code related to Hub ([#9894](https://github.com/traefik/traefik/pull/9894) by [ldez](https://github.com/ldez))
+- **[metrics]** Enable Prometheus provider cleanup when only the router&#39;s metrics level is activated ([#9887](https://github.com/traefik/traefik/pull/9887) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Encode query semicolons ([#9943](https://github.com/traefik/traefik/pull/9943) by [LandryBe](https://github.com/LandryBe))
+- **[middleware]** Missing trailer with custom errors middleware ([#9942](https://github.com/traefik/traefik/pull/9942) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Support informational headers in middlewares redefining the response writer. ([#9938](https://github.com/traefik/traefik/pull/9938) by [rtribotte](https://github.com/rtribotte))
+- **[plugins]** Improve error messages related to plugins ([#9924](https://github.com/traefik/traefik/pull/9924) by [ldez](https://github.com/ldez))
+- **[tracing]** Update DataDog tracing dependency to v1.50.1 ([#9953](https://github.com/traefik/traefik/pull/9953) by [der-eismann](https://github.com/der-eismann))
+
+**Documentation:**
+- **[accesslogs]** Fix over-indented yaml configuration of access logs ([#9930](https://github.com/traefik/traefik/pull/9930) by [ufUNnxagpM](https://github.com/ufUNnxagpM))
+- **[tls]** Add FAQ documentation about TLS certificates ([#9868](https://github.com/traefik/traefik/pull/9868) by [rtribotte](https://github.com/rtribotte))
+- Fix typo ([#9966](https://github.com/traefik/traefik/pull/9966) by [green1052](https://github.com/green1052))
+- Add business callouts ([#9940](https://github.com/traefik/traefik/pull/9940) by [tomatokoolaid](https://github.com/tomatokoolaid))
+- Add logo for GitHub dark mode ([#9890](https://github.com/traefik/traefik/pull/9890) by [ldez](https://github.com/ldez))
+
 ## [v2.10.1](https://github.com/traefik/traefik/tree/v2.10.1) (2023-04-27)
 [All Commits](https://github.com/traefik/traefik/compare/v2.10.0...v2.10.1)

--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -47,6 +47,18 @@ Further details of specific enforcement policies may be posted separately.

 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

+When an inapropriate behavior is reported, maintainers will discuss on the Maintainer's Discord before marking the message as "abuse". 
+This conversation beforehand avoids one-sided decisions.
+
+The first message will be edited and marked as abuse.
+The second edited message and marked as abuse results in a 7-day ban.
+The third edited message and marked as abuse results in a permanent ban.
+
+The content of edited messages is:
+`Dear user, we want traefik to provide a welcoming and respectful environment. Your [comment/issue/PR] has been reported and marked as abuse according to our [Code of Conduct](./CODE_OF_CONDUCT.md). Thank you.`
+
+The [report must be resolved](https://docs.github.com/en/communities/moderating-comments-and-conversations/managing-reported-content-in-your-organizations-repository#resolving-a-report) accordingly.
+
 ## Attribution

 This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
--- a/13
+++ b/13
@@ -1,6 +1,13 @@
-FROM scratch
-COPY script/ca-certificates.crt /etc/ssl/certs/
-COPY dist/traefik /
+# syntax=docker/dockerfile:1.2
+FROM alpine:3.19
+
+RUN apk --no-cache --no-progress add ca-certificates tzdata \
+    && rm -rf /var/cache/apk/*
+
+ARG TARGETPLATFORM
+COPY ./dist/$TARGETPLATFORM/traefik /
+
 EXPOSE 80
 VOLUME ["/tmp"]
+
 ENTRYPOINT ["/traefik"]
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,6 +1,6 @@
 The MIT License (MIT)

-Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs
+Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/224
+++ b/224
@@ -6,121 +6,102 @@ VERSION_GIT := $(if $(TAG_NAME),$(TAG_NAME),$(SHA))
 VERSION := $(if $(VERSION),$(VERSION),$(VERSION_GIT))

 GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/null))
-TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))

 REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
-TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"traefik/traefik")
+BIN_NAME := traefik
+CODENAME ?= cheddar

-INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)",-v "/var/run/docker.sock:/var/run/docker.sock")
-DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
+DATE := $(shell date -u '+%Y-%m-%d_%I:%M:%S%p')

-# only used when running in docker
-TRAEFIK_ENVS := \
-	-e OS_ARCH_ARG \
-	-e OS_PLATFORM_ARG \
-	-e TESTFLAGS \
-	-e VERBOSE \
-	-e VERSION \
-	-e CODENAME \
-	-e TESTDIRS \
-	-e CI \
-	-e IN_DOCKER=true		# Indicator for integration tests that we are running inside a container.
+# Default build target
+GOOS := $(shell go env GOOS)
+GOARCH := $(shell go env GOARCH)

-TRAEFIK_MOUNT := -v "$(CURDIR)/dist:/go/src/github.com/traefik/traefik/dist"
-DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
-DOCKER_NON_INTERACTIVE ?= false
-DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
-DOCKER_RUN_TRAEFIK_TEST := docker run --add-host=host.docker.internal:127.0.0.1 --rm --name=traefik --network traefik-test-network -v $(PWD):$(PWD) -w $(PWD) $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
-DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -i) $(DOCKER_RUN_OPTS)
+LINT_EXECUTABLES = misspell shellcheck

-IN_DOCKER ?= true
+DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64

 .PHONY: default
-default: binary
+#? default: Run `make generate` and `make binary`
+default: generate binary

-## Create the "dist" directory
+#? dist: Create the "dist" directory
 dist:
 	mkdir -p dist

-## Build Dev Docker image
-.PHONY: build-dev-image
-build-dev-image: dist
-ifneq ("$(IN_DOCKER)", "")
-	docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile .
-endif
-
-## Build Dev Docker image without cache
-.PHONY: build-dev-image-no-cache
-build-dev-image-no-cache: dist
-ifneq ("$(IN_DOCKER)", "")
-	docker build $(DOCKER_BUILD_ARGS) --no-cache -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile .
-endif
-
-## Build WebUI Docker image
 .PHONY: build-webui-image
+#? build-webui-image: Build WebUI Docker image
 build-webui-image:
 	docker build -t traefik-webui -f webui/Dockerfile webui

-## Clean WebUI static generated assets
 .PHONY: clean-webui
+#? clean-webui: Clean WebUI static generated assets
 clean-webui:
 	rm -r webui/static
 	mkdir -p webui/static
 	printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md

-## Generate WebUI
 webui/static/index.html:
 	$(MAKE) build-webui-image
 	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc
 	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static

 .PHONY: generate-webui
+#? generate-webui: Generate WebUI
 generate-webui: webui/static/index.html

-## Build the binary
+.PHONY: generate
+#? generate: Generate code (Dynamic and Static configuration documentation reference files)
+generate:
+	go generate
+
 .PHONY: binary
-binary: generate-webui build-dev-image
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate binary
+#? binary: Build the binary
+binary: generate-webui dist
+	@echo SHA: $(VERSION) $(CODENAME) $(DATE)
+	CGO_ENABLED=0 GOGC=off GOOS=${GOOS} GOARCH=${GOARCH} go build ${FLAGS[*]} -ldflags "-s -w \
+    -X github.com/traefik/traefik/v2/pkg/version.Version=$(VERSION) \
+    -X github.com/traefik/traefik/v2/pkg/version.Codename=$(CODENAME) \
+    -X github.com/traefik/traefik/v2/pkg/version.BuildDate=$(DATE)" \
+    -installsuffix nocgo -o "./dist/${GOOS}/${GOARCH}/$(BIN_NAME)" ./cmd/traefik

-## Build the linux binary locally
-.PHONY: binary-debug
-binary-debug: generate-webui
-	GOOS=linux ./script/make.sh binary
+binary-linux-arm64: export GOOS := linux
+binary-linux-arm64: export GOARCH := arm64
+binary-linux-arm64:
+	@$(MAKE) binary
+
+binary-linux-amd64: export GOOS := linux
+binary-linux-amd64: export GOARCH := amd64
+binary-linux-amd64:
+	@$(MAKE) binary
+
+binary-windows-amd64: export GOOS := windows
+binary-windows-amd64: export GOARCH := amd64
+binary-windows-amd64: export BIN_NAME := traefik.exe
+binary-windows-amd64:
+	@$(MAKE) binary

-## Build the binary for the standard platforms (linux, darwin, windows)
 .PHONY: crossbinary-default
-crossbinary-default: generate-webui build-dev-image
-	$(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-default
+#? crossbinary-default: Build the binary for the standard platforms (linux, darwin, windows)
+crossbinary-default: generate generate-webui
+	$(CURDIR)/script/crossbinary-default.sh

-## Build the binary for the standard platforms (linux, darwin, windows) in parallel
-.PHONY: crossbinary-default-parallel
-crossbinary-default-parallel:
-	$(MAKE) generate-webui
-	$(MAKE) build-dev-image crossbinary-default
-
-## Run the unit and integration tests
 .PHONY: test
-test: build-dev-image
-	-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
-	trap 'docker network rm traefik-test-network' EXIT; \
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit binary test-integration
+#? test: Run the unit and integration tests
+test: test-unit test-integration

-## Run the unit tests
 .PHONY: test-unit
-test-unit: build-dev-image
-	-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
-	trap 'docker network rm traefik-test-network' EXIT; \
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit
+#? test-unit: Run the unit tests
+test-unit:
+	GOOS=$(GOOS) GOARCH=$(GOARCH) go test -cover "-coverprofile=cover.out" -v $(TESTFLAGS) ./pkg/... ./cmd/...

-## Run the integration tests
 .PHONY: test-integration
-test-integration: build-dev-image
-	-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
-	trap 'docker network rm traefik-test-network' EXIT; \
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate binary test-integration
+#? test-integration: Run the integration tests
+test-integration: binary
+	GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS)

-## Pull all images for integration tests
 .PHONY: pull-images
+#? pull-images: Pull all Docker images to avoid timeout during integration tests
 pull-images:
 	grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \
 		| awk '{print $$2}' \
@@ -128,84 +109,85 @@ pull-images:
 		| uniq \
 		| xargs -P 6 -n 1 docker pull

-## Validate code and docs
+.PHONY: lint
+#? lint: Run golangci-lint
+lint:
+	golangci-lint run
+
 .PHONY: validate-files
-validate-files: build-dev-image
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
-	bash $(CURDIR)/script/validate-shell-script.sh
+#? validate-files: Validate code and docs
+validate-files: lint
+	$(foreach exec,$(LINT_EXECUTABLES),\
+            $(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
+	$(CURDIR)/script/validate-misspell.sh
+	$(CURDIR)/script/validate-shell-script.sh

-## Validate code, docs, and vendor
 .PHONY: validate
-validate: build-dev-image
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
-	bash $(CURDIR)/script/validate-shell-script.sh
+#? validate: Validate code, docs, and vendor
+validate: lint
+	$(foreach exec,$(EXECUTABLES),\
+            $(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
+	$(CURDIR)/script/validate-vendor.sh
+	$(CURDIR)/script/validate-misspell.sh
+	$(CURDIR)/script/validate-shell-script.sh
+
+# Target for building images for multiple architectures.
+.PHONY: multi-arch-image-%
+multi-arch-image-%: binary-linux-amd64 binary-linux-arm64
+	docker buildx build $(DOCKER_BUILDX_ARGS) -t traefik/traefik:$* --platform=$(DOCKER_BUILD_PLATFORMS) -f Dockerfile .
+

-## Clean up static directory and build a Docker Traefik image
 .PHONY: build-image
-build-image: clean-webui binary
-	docker build -t $(TRAEFIK_IMAGE) .
+#? build-image: Clean up static directory and build a Docker Traefik image
+build-image: export DOCKER_BUILDX_ARGS := --load
+build-image: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
+build-image: clean-webui
+	@$(MAKE) multi-arch-image-latest

-## Build a Docker Traefik image without re-building the webui
 .PHONY: build-image-dirty
-build-image-dirty: binary
-	docker build -t $(TRAEFIK_IMAGE) .
+#? build-image-dirty: Build a Docker Traefik image without re-building the webui when it's already built
+build-image-dirty: export DOCKER_BUILDX_ARGS := --load
+build-image-dirty: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
+build-image-dirty:
+	@$(MAKE) multi-arch-image-latest

-## Locally build traefik for linux, then shove it an alpine image, with basic tools.
-.PHONY: build-image-debug
-build-image-debug: binary-debug
-	docker build -t $(TRAEFIK_IMAGE) -f debug.Dockerfile .
-
-## Start a shell inside the build env
-.PHONY: shell
-shell: build-dev-image
-	$(DOCKER_RUN_TRAEFIK) /bin/bash
-
-## Build documentation site
 .PHONY: docs
+#? docs: Build documentation site
 docs:
 	make -C ./docs docs

-## Serve the documentation site locally
 .PHONY: docs-serve
+#? docs-serve: Serve the documentation site locally
 docs-serve:
 	make -C ./docs docs-serve

-## Pull image for doc building
 .PHONY: docs-pull-images
+#? docs-pull-images: Pull image for doc building
 docs-pull-images:
 	make -C ./docs docs-pull-images

-## Generate CRD clientset and CRD manifests
 .PHONY: generate-crd
+#? generate-crd: Generate CRD clientset and CRD manifests
 generate-crd:
-	@$(CURDIR)/script/code-gen.sh
+	@$(CURDIR)/script/code-gen-docker.sh

-## Generate code from dynamic configuration https://github.com/traefik/genconf
 .PHONY: generate-genconf
+#? generate-genconf: Generate code from dynamic configuration github.com/traefik/genconf
 generate-genconf:
 	go run ./cmd/internal/gen/

-## Create packages for the release
 .PHONY: release-packages
-release-packages: generate-webui build-dev-image
-	rm -rf dist
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 2 --timeout="90m"
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
-		--exclude-vcs \
-		--exclude .idea \
-		--exclude .travis \
-		--exclude .semaphoreci \
-		--exclude .github \
-		--exclude dist .
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) chown -R $(shell id -u):$(shell id -g) dist/
+#? release-packages: Create packages for the release
+release-packages: generate-webui
+	$(CURDIR)/script/release-packages.sh

-## Format the Code
 .PHONY: fmt
+#? fmt: Format the Code
 fmt:
 	gofmt -s -l -w $(SRCS)

-.PHONY: run-dev
-run-dev:
-	go generate
-	GO111MODULE=on go build ./cmd/traefik
-	./traefik
+.PHONY: help
+#? help: Get more info on make commands
+help: Makefile
+	@echo " Choose a command run in traefik:"
+	@sed -n 's/^#?//p' $< | column -t -s ':' |  sort | sed -e 's/^/ /'
--- a/README.md
+++ b/README.md
@@ -1,6 +1,10 @@

 <p align="center">
-<img src="docs/content/assets/img/traefik.logo.png" alt="Traefik" title="Traefik" />
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="docs/content/assets/img/traefik.logo-dark.png">
+      <source media="(prefers-color-scheme: light)" srcset="docs/content/assets/img/traefik.logo.png">
+      <img alt="Traefik" title="Traefik" src="docs/content/assets/img/traefik.logo.png">
+    </picture>
 </p>

 [![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
@@ -70,6 +74,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
 - [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
 - [Marathon](https://doc.traefik.io/traefik/providers/marathon/)
 - [Rancher](https://doc.traefik.io/traefik/providers/rancher/) (Metadata)
+- [ECS](https://doc.traefik.io/traefik/providers/ecs/)
 - [File](https://doc.traefik.io/traefik/providers/file/)

 ## Quickstart
@@ -123,8 +128,8 @@ You can find high level and deep dive videos on [videos.traefik.io](https://vide
 ## Maintainers

 We are strongly promoting a philosophy of openness and sharing, and firmly standing against the elitist closed approach. Being part of the core team should be accessible to anyone who is motivated and want to be part of that journey!
-This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the core team as well as various responsibilities and guidelines for Traefik maintainers.
-You can also find more information on our process to review pull requests and manage issues [in this document](docs/content/contributing/maintainers.md).
+This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the [maintainers' team](docs/content/contributing/maintainers.md) as well as various responsibilities and guidelines for Traefik maintainers.
+You can also find more information on our process to review pull requests and manage issues [in this document](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).

 ## Contributing

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -16,7 +16,7 @@ Each version is supported until the next one is released (e.g. 1.1.x will be sup
 We use [Semantic Versioning](https://semver.org/).

 | Version   | Supported          |
-| --------- | ------------------ |
+|-----------|--------------------|
 | `2.2.x`   | :white_check_mark: |
 | `< 2.2.x` | :x:                |
 | `1.7.x`   | :white_check_mark: |
@@ -25,4 +25,6 @@ We use [Semantic Versioning](https://semver.org/).
 ## Reporting a Vulnerability

 We want to keep Traefik safe for everyone.
-If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, using [this form](https://security.traefik.io).
+If you've discovered a security vulnerability in Traefik,
+we appreciate your help in disclosing it to us in a responsible manner,
+by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).
--- a/build.Dockerfile
+++ b/build.Dockerfile
@@ -1,37 +0,0 @@
-FROM golang:1.20-alpine
-
-RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
-    && update-ca-certificates \
-    && rm -rf /var/cache/apk/*
-
-# Which docker version to test on
-ARG DOCKER_VERSION=18.09.7
-
-# Download docker
-RUN mkdir -p /usr/local/bin \
-    && curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
-    | tar -xzC /usr/local/bin --transform 's#^.+/##x'
-
-# Download golangci-lint binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.52.2
-
-# Download misspell binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.4.0
-
-# Download goreleaser binary to bin folder in $GOPATH
-RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | sh
-
-WORKDIR /go/src/github.com/traefik/traefik
-
-# Because of CVE-2022-24765 (https://github.blog/2022-04-12-git-security-vulnerability-announced/),
-# we configure git to allow the Traefik codebase path on the Host for docker in docker usages.
-ARG HOST_PWD=""
-
-RUN git config --global --add safe.directory "${HOST_PWD}"
-
-# Download go modules
-COPY go.mod .
-COPY go.sum .
-RUN GO111MODULE=on GOPROXY=https://proxy.golang.org go mod download
-
-COPY . /go/src/github.com/traefik/traefik
--- a/cmd/internal/gen/centrifuge.go
+++ b/cmd/internal/gen/centrifuge.go
@@ -13,6 +13,7 @@ import (
 	"path"
 	"path/filepath"
 	"reflect"
+	"slices"
 	"sort"
 	"strings"

@@ -80,7 +81,7 @@ func (c Centrifuge) Run(dest string, pkgName string) error {
 	}

 	for _, p := range c.pkg.Imports() {
-		if contains(c.IncludedImports, p.Path()) {
+		if slices.Contains(c.IncludedImports, p.Path()) {
 			fls := c.run(p.Scope(), p.Path(), p.Name())

 			err = fileWriter{baseDir: filepath.Join(dest, p.Name())}.Write(fls)
@@ -97,7 +98,7 @@ func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) map[str
 	files := map[string]*File{}

 	for _, name := range sc.Names() {
-		if contains(c.ExcludedTypes, name) {
+		if slices.Contains(c.ExcludedTypes, name) {
 			continue
 		}

@@ -107,7 +108,7 @@ func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) map[str
 		}

 		filename := filepath.Base(c.fileSet.File(o.Pos()).Name())
-		if contains(c.ExcludedFiles, path.Join(rootPkg, filename)) {
+		if slices.Contains(c.ExcludedFiles, path.Join(rootPkg, filename)) {
 			continue
 		}

@@ -159,7 +160,7 @@ func (c Centrifuge) writeStruct(name string, obj *types.Struct, rootPkg string,
 	b := strings.Builder{}
 	b.WriteString(fmt.Sprintf("type %s struct {\n", name))

-	for i := 0; i < obj.NumFields(); i++ {
+	for i := range obj.NumFields() {
 		field := obj.Field(i)

 		if !field.Exported() {
@@ -237,16 +238,6 @@ func extractPackage(t types.Type) string {
 	}
 }

-func contains(values []string, value string) bool {
-	for _, val := range values {
-		if val == value {
-			return true
-		}
-	}
-
-	return false
-}
-
 type fileWriter struct {
 	baseDir string
 }
--- a/cmd/traefik/plugins.go
+++ b/cmd/traefik/plugins.go
@@ -35,12 +35,12 @@ func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]p
 		var err error
 		client, err = plugins.NewClient(opts)
 		if err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, fmt.Errorf("unable to create plugins client: %w", err)
 		}

 		err = plugins.SetupRemotePlugins(client, staticCfg.Experimental.Plugins)
 		if err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, fmt.Errorf("unable to set up plugins environment: %w", err)
 		}

 		plgs = staticCfg.Experimental.Plugins
--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@@ -33,7 +33,6 @@ import (
 	"github.com/traefik/traefik/v2/pkg/middlewares/accesslog"
 	"github.com/traefik/traefik/v2/pkg/provider/acme"
 	"github.com/traefik/traefik/v2/pkg/provider/aggregator"
-	"github.com/traefik/traefik/v2/pkg/provider/hub"
 	"github.com/traefik/traefik/v2/pkg/provider/traefik"
 	"github.com/traefik/traefik/v2/pkg/safe"
 	"github.com/traefik/traefik/v2/pkg/server"
@@ -206,6 +205,10 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		log.WithoutContext().Warn("Traefik Pilot has been removed.")
 	}

+	if staticConfiguration.API != nil {
+		version.DisableDashboardAd = staticConfiguration.API.DisableDashboardAd
+	}
+
 	// Plugins

 	pluginBuilder, err := createPluginBuilder(staticConfiguration)
@@ -231,19 +234,6 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		}
 	}

-	// Traefik Hub
-
-	if staticConfiguration.Hub != nil {
-		if err = providerAggregator.AddProvider(staticConfiguration.Hub); err != nil {
-			return nil, fmt.Errorf("adding Traefik Hub provider: %w", err)
-		}
-
-		// API is mandatory for Traefik Hub to access the dynamic configuration.
-		if staticConfiguration.API == nil {
-			staticConfiguration.API = &static.API{}
-		}
-	}
-
 	// Metrics

 	metricRegistries := registerMetricClients(staticConfiguration.Metrics)
@@ -298,7 +288,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 	watcher.AddListener(switchRouter(routerFactory, serverEntryPointsTCP, serverEntryPointsUDP))

 	// Metrics
-	if metricsRegistry.IsEpEnabled() || metricsRegistry.IsSvcEnabled() {
+	if metricsRegistry.IsEpEnabled() || metricsRegistry.IsRouterEnabled() || metricsRegistry.IsSvcEnabled() {
 		var eps []string
 		for key := range serverEntryPointsTCP {
 			eps = append(eps, key)
@@ -325,10 +315,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 				continue
 			}

-			if _, ok := resolverNames[rt.TLS.CertResolver]; !ok &&
-				// "traefik-hub" is an allowed certificate resolver name in a Traefik Hub Experimental feature context.
-				// It is used to activate its own certificate resolution, even though it is not a "classical" traefik certificate resolver.
-				(staticConfiguration.Hub == nil || rt.TLS.CertResolver != "traefik-hub") {
+			if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
 				log.WithoutContext().Errorf("the router %s uses a non-existent resolver: %s", rtName, rt.TLS.CertResolver)
 			}
 		}
@@ -351,11 +338,6 @@ func getHTTPChallengeHandler(acmeProviders []*acme.Provider, httpChallengeProvid
 func getDefaultsEntrypoints(staticConfiguration *static.Configuration) []string {
 	var defaultEntryPoints []string
 	for name, cfg := range staticConfiguration.EntryPoints {
-		// Traefik Hub entryPoint should not be part of the set of default entryPoints.
-		if hub.APIEntrypoint == name || hub.TunnelEntrypoint == name {
-			continue
-		}
-
 		protocol, err := cfg.GetProtocol()
 		if err != nil {
 			// Should never happen because Traefik should not start if protocol is invalid.
--- a/cmd/traefik/traefik_test.go
+++ b/cmd/traefik/traefik_test.go
@@ -94,7 +94,6 @@ func TestAppendCertMetric(t *testing.T) {
 	}

 	for _, test := range testCases {
-		test := test
 		t.Run(test.desc, func(t *testing.T) {
 			t.Parallel()

--- a/debug.Dockerfile
+++ b/debug.Dockerfile
@@ -1,10 +0,0 @@
-FROM alpine:3.14
-# Feel free to add below any helpful dependency for debugging.
-# iproute2 is for ss.
-RUN apk --no-cache --no-progress add bash curl ca-certificates tzdata lsof iproute2 \
-    && update-ca-certificates \
-    && rm -rf /var/cache/apk/*
-COPY dist/traefik /
-EXPOSE 80
-VOLUME ["/tmp"]
-ENTRYPOINT ["/traefik"]
--- a/docs/check.Dockerfile
+++ b/docs/check.Dockerfile
@@ -1,7 +1,8 @@
-FROM alpine:3.14 as alpine
+FROM alpine:3.18 as alpine

 RUN apk --no-cache --no-progress add \
    build-base \
+    gcompat \
    libcurl \
    libxml2-dev \
    libxslt-dev \
@@ -13,8 +14,8 @@ RUN apk --no-cache --no-progress add \
    ruby-json \
    zlib-dev

-RUN gem install nokogiri --version 1.13.3 --no-document -- --use-system-libraries
-RUN gem install html-proofer --version 3.19.3 --no-document -- --use-system-libraries
+RUN gem install nokogiri --version 1.15.3 --no-document -- --use-system-libraries
+RUN gem install html-proofer --version 5.0.7 --no-document -- --use-system-libraries

 # After Ruby, some NodeJS YAY!
 RUN apk --no-cache --no-progress add \
@@ -22,12 +23,9 @@ RUN apk --no-cache --no-progress add \
    nodejs \
    npm

-# To handle 'not get uid/gid'
-RUN npm config set unsafe-perm true
-
 RUN npm install --global \
-    markdownlint@0.22.0 \
-    markdownlint-cli@0.26.0
+    markdownlint@0.29.0 \
+    markdownlint-cli@0.35.0

 # Finally the shell tools we need for later
 # tini helps to terminate properly all the parallelized tasks when sending CTRL-C
--- a/docs/content/assets/img/traefik.logo-dark.png
+++ b/docs/content/assets/img/traefik.logo-dark.png
--- a/docs/content/contributing/advocating.md
+++ b/docs/content/contributing/advocating.md
@@ -1,14 +1,14 @@
 ---
 title: "Traefik Advocation Documentation"
-description: "There are many ways to contribute to Traefik Proxy. If you're talking about Traefik, let us know and we'll promote your enthusiasm!"
+description: "There are many ways to contribute to Traefik Proxy. Let us know if you’re talking about Traefik, and we'll promote your enthusiasm!"
 ---

 # Advocating

-Spread the Love & Tell Us about It
+Spread the Love & Tell Us About It
 {: .subtitle }

-Traefik Proxy was started by the community for the community.
+Traefik Proxy was started by the community and for the community.
 You can contribute to the Traefik community in three main ways:

 **Spread the word!** Guides, videos, blog posts, how-to articles, and showing off your network design all help spread the word about Traefik Proxy
--- a/docs/content/contributing/building-testing.md
+++ b/docs/content/contributing/building-testing.md
@@ -13,67 +13,13 @@ Let's see how.

 ## Building

-You need either [Docker](https://github.com/docker/docker "Link to website of Docker") and `make` (Method 1), or [Go](https://go.dev/ "Link to website of Go") (Method 2) in order to build Traefik.
-For changes to its dependencies, the `dep` dependency management tool is required.
-
-### Method 1: Using `Docker` and `Makefile`
-
-Run make with the `binary` target.
-
-```bash
-make binary
-```
-
-This will create binaries for the Linux platform in the `dist` folder.
-
-In case when you run build on CI, you may probably want to run docker in non-interactive mode. To achieve that define `DOCKER_NON_INTERACTIVE=true` environment variable.
-
-```bash
-$ make binary
-docker build -t traefik-webui -f webui/Dockerfile webui
-Sending build context to Docker daemon  2.686MB
-Step 1/11 : FROM node:8.15.0
- ---> 1f6c34f7921c
-[...]
-Successfully built ce4ff439c06a
-Successfully tagged traefik-webui:latest
-[...]
-docker build  -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
-Sending build context to Docker daemon    279MB
-Step 1/10 : FROM golang:1.16-alpine
- ---> f4bfb3d22bda
-[...]
-Successfully built 5c3c1a911277
-Successfully tagged traefik-dev:4475--feature-documentation
-docker run  -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER		 -v "/home/ldez/sources/go/src/github.com/traefik/traefik/"dist":/go/src/github.com/traefik/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
---> Making bundle: generate (in .)
-removed 'autogen/genstatic/gen.go'
-
---> Making bundle: binary (in .)
-
-$ ls dist/
-traefik*
-```
-
-The following targets can be executed outside Docker by setting the variable `IN_DOCKER` to an empty string (although be aware that some of the tests might fail in that context):
-
- `test-unit`
- `test-integration`
- `validate`
- `binary` (the webUI is still generated by using Docker)
-
-ex:
-
-```bash
-IN_DOCKER= make test-unit
-```
-
-### Method 2: Using `go`
-
-Requirements:
-
- `go` v1.16+
- environment variable `GO111MODULE=on`
+You need:
+    - [Docker](https://github.com/docker/docker "Link to website of Docker") 
+    - `make`
+    - [Go](https://go.dev/ "Link to website of Go")
+    - [misspell](https://github.com/golangci/misspell)
+    - [shellcheck](https://github.com/koalaman/shellcheck)
+    - [Tailscale](https://tailscale.com/) if you are using Docker Desktop 

 !!! tip "Source Directory"

@@ -106,43 +52,34 @@ Requirements:
    ## ... and the list goes on
    ```

-#### Build Traefik
+### Build Traefik

 Once you've set up your go environment and cloned the source repository, you can build Traefik.

 ```bash
-# Generate UI static files
-make clean-webui generate-webui
+$ make binary
+SHA: 8fddfe118288bb5280eb5e77fa952f52def360b4 cheddar 2024-01-11_03:14:57PM
+CGO_ENABLED=0 GOGC=off GOOS=darwin GOARCH=arm64 go build  -ldflags "-s -w \
+    -X github.com/traefik/traefik/v2/pkg/version.Version=8fddfe118288bb5280eb5e77fa952f52def360b4 \
+    -X github.com/traefik/traefik/v2/pkg/version.Codename=cheddar \
+    -X github.com/traefik/traefik/v2/pkg/version.BuildDate=2024-01-11_03:14:57PM" \
+    -installsuffix nocgo -o "./dist/darwin/arm64/traefik" ./cmd/traefik

-# required to merge non-code components into the final binary,
-# such as the web dashboard/UI
-go generate
+$ ls dist/
+traefik*
 ```

-```bash
-# Standard go build
-go build ./cmd/traefik
-```
-
-You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/traefik/traefik` directory.
+You will find the Traefik executable (`traefik`) in the `./dist` directory.

 ## Testing

-### Method 1: `Docker` and `make`
-
 Run unit tests using the `test-unit` target.
 Run integration tests using the `test-integration` target.
 Run all tests (unit and integration) using the `test` target.

 ```bash
 $ make test-unit
-docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
-# […]
-docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/user/go/src/github/traefik/traefik/dist:/go/src/github.com/traefik/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
---> Making bundle: generate (in .)
-removed 'gen.go'
-
---> Making bundle: test-unit (in .)
+GOOS=darwin GOARCH=arm64 go test -cover "-coverprofile=cover.out" -v ./pkg/... ./cmd/...
 + go test -cover -coverprofile=cover.out .
 ok      github.com/traefik/traefik   0.005s  coverage: 4.1% of statements

@@ -151,28 +88,30 @@ Test success

 For development purposes, you can specify which tests to run by using (only works the `test-integration` target):

+??? note "Configuring Tailscale for Docker Desktop user"
+
+    Create `tailscale.secret` file in `integration` directory.
+    
+    This file need to contains a [Tailscale auth key](https://tailscale.com/kb/1085/auth-keys) 
+    (an ephemeral, but reusable, one is recommended).
+
+    Add this section to your tailscale ACLs to auto-approve the routes for the
+    containers in the docker subnet:
+
+    ```json 
+        "autoApprovers": {
+          // Allow myself to automatically
+          // advertize routes for docker networks
+          "routes": {
+            "172.31.42.0/24": ["your_tailscale_identity"],
+          },
+        },
+    ```
+    
 ```bash
 # Run every tests in the MyTest suite
-TESTFLAGS="-check.f MyTestSuite" make test-integration
+TESTFLAGS="-test.run TestAccessLogSuite" make test-integration

 # Run the test "MyTest" in the MyTest suite
-TESTFLAGS="-check.f MyTestSuite.MyTest" make test-integration
-
-# Run every tests starting with "My", in the MyTest suite
-TESTFLAGS="-check.f MyTestSuite.My" make test-integration
-
-# Run every tests ending with "Test", in the MyTest suite
-TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
+TESTFLAGS="-test.run TestAccessLogSuite -testify.m ^TestAccessLog$" make test-integration
 ```
-
-Check [gocheck](https://labix.org/gocheck "Link to website of gocheck") for more information.
-
-### Method 2: `go`
-
-Unit tests can be run from the cloned directory using `$ go test ./...` which should return `ok`, similar to:
-
-```test
-ok      _/home/user/go/src/github/traefik/traefik    0.004s
-```
-
-Integration tests must be run from the `integration/` directory and require the `-integration` switch: `$ cd integration && go test -integration ./...`.
--- a/docs/content/contributing/maintainers-guidelines.md
+++ b/docs/content/contributing/maintainers-guidelines.md
@@ -7,89 +7,75 @@ description: "Interested in contributing more to the community and becoming a Tr

 ![Maintainer's Guidelines](../assets/img/maintainers-guidelines.png)

-Note: the document is a work in progress.
-
 Welcome to the Traefik Community.
-This document describes how to be part of the core team
-together with various responsibilities
-and guidelines for Traefik maintainers.
+
 We are strongly promoting a philosophy of openness and sharing,
 and firmly standing against the elitist closed approach.
 Being part of the core team should be accessible to anyone motivated
 and wants to be part of that journey!

-## Onboarding Process
+## Becoming a Maintainer

-If you consider joining our community, please drop us a line using Twitter or leave a note in the issue.
-We will schedule a quick call to meet you and learn more about your motivation.
-During the call, the team will discuss the process of becoming a maintainer.
-We will be happy to answer any questions and explain all your doubts.
+Before a contributor becomes a maintainer, they should meet the following requirements:

-## Maintainer's Requirements
+- The contributor enabled [2FA](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on their GitHub account

-Note: you do not have to meet all the listed requirements,
-but must have achieved several.
+- The contributor showed a consistent pattern of helpful, non-threatening, and friendly behavior towards other community members in the past.
+
+- The contributor has read and accepted the maintainer's guidelines.
+
+The contributor should also meet one or several of the following requirements:

- Enabled [2FA](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on your GitHub account
 - The contributor has opened and successfully run medium to large PR’s in the past 6 months.
+
 - The contributor has participated in multiple code reviews of other PR’s,
  including those of other maintainers and contributors.
- The contributor showed a consistent pattern of helpful, non-threatening, and friendly behavior towards other community members in the past.
+
 - The contributor is active on Traefik Community forums
  or other technical forums/boards such as K8S slack, Reddit, StackOverflow, hacker news.
- Have read and accepted the contributor guidelines.
+
+Any existing active maintainer can create an issue to discuss promoting a contributor to maintainer. 
+Other maintainers can vote on the issue, and if the quorum is reached, the contributor is promoted to maintainer.
+If the quorum is not reached within one month after the issue is created, it is closed.

 ## Maintainer's Responsibilities and Privileges

-There are lots of areas where you can contribute to the project,
-but we can suggest you start with activities such as:
+As a maintainer, you are granted a vote for the following:

- PR reviewing.
-    - According to our guidelines we require you have at least 3 reviewers,
-      thus you can review a PR and leave the relevant comment if it is necessary.
- Participating in a daily [issue triage](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).
-    - The process helps to understand and prioritize the reported issue according to its importance and severity.
-      This is crucial to learn how our users implement Traefik.
-      Each of the issues that are labeled as bug/possible bug/confirmed requires a reproducible use case. 
-      You can help in creating a reproducible use case if it has not been added to the issue
-      or use the sample code provided by the reporter.
-      Typically, a simple Docker Compose should be enough to reproduce the issue.
- Code contribution.
- Documentation contribution.
-    - Technical documentation is one of the most important components of the product.
-      The ability to set up a testing environment in a few minutes,
-      using the official documentation,
-      is a game changer.
- You will be listed on our Maintainers GitHub page
-  and on our website in the section [maintainers](maintainers.md).
- We will be promoting you on social channels (mostly on Twitter).
+- [PR review](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md).

-## Governance
+- [Design review](https://github.com/traefik/contributors-guide/blob/master/proposals.md).

- Roadmap meetings on a regular basis where all maintainers are welcome.
+- [Proposals](https://github.com/traefik/contributors-guide/blob/master/proposals.md).
+
+Maintainers are also added to the maintainer's Discord server where happens the [issue triage](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)
+and appear on the [Maintainers](maintainers.md) page.
+
+As a maintainer, you should: 
+
+- Prioritize PR reviews, design reviews, and issue triage above any other task. 
+
+Making sure contributors and community members are listened to and have an impact on the project is essential to keeping the project active and develop a thriving community.
+
+- Prioritize helping contributors reaching the expecting quality level over rewriting contributions.
+
+Any triage activity on issues and PRs (e.g. labels, marking messages as off-topic, refusing, marking duplicates) should result from a collective decision to ensure knowledge is shared among maintainers.

 ## Communicating

- All of our maintainers are added to Slack #traefik-maintainers channel that belongs to Traefik labs workspace.
+- All of our maintainers are added to the Traefik Maintainers Discord server that belongs to Traefik labs.
  Having the team in one place helps us to communicate effectively.
-  You can reach Traefik core developers directly,
-  which offers the possibility to discuss issues, pull requests, enhancements more efficiently
+  Maintainers can discuss issues, pull requests, enhancements more efficiently
  and get the feedback almost immediately.
  Fewer blockers mean more fun and engaging work.

- On a daily basis, we publish a report that includes all the activities performed during the day.
-  You are updated in regard to the workload that has been processed including:
-  working on the new features and enhancements,
-  activities related to the reported issues and PR’s,
-  other important project-related announcements.
+- Every decision made on the discord server among maintainers is documented so it's visible to the rest of the community.

- At 5:00 PM CET every day we review all the created issues that have been reported,
-  assign them the appropriate *[labels](maintainers.md#labels)*
-  and prioritize them based on the severity of the problem.
-  The process is called *[issue triaging](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)*.
-  Each of the maintainers is welcome to join the meeting.
-  For that purpose, we use a dedicated Discord server
-  where you are invited once you have become the official maintainer.
+- Maintainers express their opinions on issues and reviews. 
+  It is fine to have different point of views. 
+  We encourage active and open conversations which goals are to improve Traefik.
+
+- When discussing issues and proposals, maintainers should share as much information as possible to help solve the issue.

 ## Maintainers Activity

@@ -97,38 +83,45 @@ In order to keep the core team efficient and dynamic,
 maintainers' activity and involvement will be reviewed on a regular basis.

 - Has the maintainer engaged with the team and the community by meeting two or more of these benchmarks in the past six months?
+
    - Has the maintainer participated in at least two or three maintainer meetings?
+
    - Substantial review of at least one or two PRs from either contributors or maintainers.
+
    - Opened at least one or two bug fixes or feature request PRs
      that were eventually merged (or on a trajectory for merge).
+
    - Substantial participation in the Help Wanted program (answered questions, helped identify issues, applied guidelines from the Help Wanted guide to open issues).
+
    - Substantial participation with the community in general.

 - Has the maintainer shown a consistent pattern of helpful,
  non-threatening,
  and friendly behavior towards other people on the maintainer team and with our community?

-## Additional Comments for (not only) Maintainers
+## Additional Comments for Maintainers (that should apply to any contributor)
+
+- Be respectful with other maintainers and other community members.
+
+- Be open minded when participating in conversations: try to put yourself in others’ shoes.

- Be able to put yourself in users’ shoes.
- Be open-minded and respectful with other maintainers and other community members.
 - Keep the communication public -
  if anyone tries to communicate with you directly,
  ask politely to move the conversation to a public communication channel.
+
 - Stay away from defensive comments.
+
 - Please try to express your thoughts clearly enough
  and note that some of us are not native English speakers.
  Try to rephrase your sentences, avoiding mental shortcuts;
-  none of us is able to predict your thoughts.
- There are a lot of use cases of using Traefik
-  and even more issues that are difficult to reproduce.
-  If the issue can’t be replicated due to a lack of reproducible case (a simple Docker Compose should be enough) -
-  set your time limits while working on the issue
-  and express clearly that you were not able to replicate it.
-  You can come back later to that case.
+  none of us is able to predict anyone's thoughts.
+
 - Be proactive.
+
 - Emoji are fine,
  but if you express yourself clearly enough they are not necessary.
  They will not replace good communication.
- Embrace mentorship.
- Keep in mind that we all have the same intent to improve the project.
+
+- Embrace mentorship: help others grow and match the quality level we strive for.
+
+- Keep in mind that we all have the same goal: improve the project.
--- a/docs/content/contributing/maintainers.md
+++ b/docs/content/contributing/maintainers.md
@@ -5,18 +5,13 @@ description: "Traefik Proxy is an open source software with a thriving community

 # Maintainers

-## The Team
+## Active Maintainers

 * Emile Vauge [@emilevauge](https://github.com/emilevauge)
-* Vincent Demeester [@vdemeester](https://github.com/vdemeester)
-* Ed Robinson [@errm](https://github.com/errm)
-* Daniel Tomcej [@dtomcej](https://github.com/dtomcej)
 * Manuel Zapf [@SantoDE](https://github.com/SantoDE)
-* Timo Reimann [@timoreimann](https://github.com/timoreimann)
 * Ludovic Fernandez [@ldez](https://github.com/ldez)
 * Julien Salleyron [@juliens](https://github.com/juliens)
 * Nicolas Mengin [@nmengin](https://github.com/nmengin)
-* Marco Jantke [@mjantke](https://github.com/mjeri)
 * Michaël Matur [@mmatur](https://github.com/mmatur)
 * Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
 * Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
@@ -25,109 +20,20 @@ description: "Traefik Proxy is an open source software with a thriving community
 * Kevin Pollet [@kevinpollet](https://github.com/kevinpollet)
 * Harold Ozouf [@jspdown](https://github.com/jspdown)
 * Tom Moulard [@tommoulard](https://github.com/tommoulard)
+* Landry Benguigui [@lbenguigui](https://github.com/lbenguigui)
+* Simon Delicata [@sdelicata](https://github.com/sdelicata)
+* Baptiste Mayelle [@youkoulayley](https://github.com/youkoulayley)
+
+## Past Maintainers
+
+People who have had an incredibly positive impact on the project, and are now focusing on other projects.
+
+* Vincent Demeester [@vdemeester](https://github.com/vdemeester)
+* Ed Robinson [@errm](https://github.com/errm)
+* Daniel Tomcej [@dtomcej](https://github.com/dtomcej)
+* Timo Reimann [@timoreimann](https://github.com/timoreimann)
+* Marco Jantke [@mjantke](https://github.com/mjeri)

 ## Maintainer's Guidelines

-Please read the [maintainer's guidelines](maintainers-guidelines.md)
-
-## Issue Triage
-
-Issues and PRs are triaged daily and the process for triaging may be found under [triaging issues](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in our [contributors guide repository](https://github.com/traefik/contributors-guide).
-
-## PR Review Process
-
-The process for reviewing PRs may be found under [review guidelines](https://github.com/traefik/contributors-guide/blob/master/review_guidelines.md) in our contributors guide repository.
-
-## Labels
-
-A maintainer that looks at an issue/PR must define its `kind/*`, `area/*`, and `status/*`.
-
-### Status - Workflow
-
-The `status/*` labels represent the desired state in the workflow.
-
-* `status/0-needs-triage`: all the new issues and PRs have this status. _[bot only]_
-* `status/1-needs-design-review`: needs a design review. **(only for PR)**
-* `status/2-needs-review`: needs a code/documentation review. **(only for PR)**
-* `status/3-needs-merge`: ready to merge. **(only for PR)**
-* `status/4-merge-in-progress`: merge is in progress. _[bot only]_
-
-### Contributor
-
-* `contributor/need-more-information`: we need more information from the contributor in order to analyze a problem.
-* `contributor/waiting-for-feedback`: we need the contributor to give us feedback.
-* `contributor/waiting-for-corrections`: we need the contributor to take actions in order to move forward with a PR. **(only for PR)** _[bot, humans]_
-* `contributor/needs-resolve-conflicts`: use it only when there is some conflicts (and an automatic rebase is not possible). **(only for PR)** _[bot, humans]_
-
-### Kind
-
-* `kind/enhancement`: a new or improved feature.
-* `kind/question`: a question. **(only for issue)**
-* `kind/proposal`: a proposal that needs to be discussed.
-    * _Proposal issues_ are design proposals
-    * _Proposal PRs_ are technical prototypes that need to be refined with multiple contributors.
-
-* `kind/bug/possible`: a possible bug that needs analysis before it is confirmed or fixed. **(only for issues)**
-* `kind/bug/confirmed`: a confirmed bug (reproducible). **(only for issues)**
-* `kind/bug/fix`: a bug fix. **(only for PR)**
-
-### Resolution
-
-* `resolution/duplicate`: a duplicate issue/PR.
-* `resolution/declined`: declined (Rule #1 of open-source: no is temporary, yes is forever).
-* `WIP`: Work In Progress. **(only for PR)**
-
-### Platform
-
-* `platform/windows`: Windows related.
-
-### Area
-
-* `area/acme`: ACME related.
-* `area/api`: Traefik API related.
-* `area/authentication`: Authentication related.
-* `area/cluster`: Traefik clustering related.
-* `area/documentation`: Documentation related.
-* `area/infrastructure`: CI or Traefik building scripts related.
-* `area/healthcheck`: Health-check related.
-* `area/logs`: Logs related.
-* `area/middleware`: Middleware related.
-* `area/middleware/metrics`: Metrics related. (Prometheus, StatsD, ...)
-* `area/middleware/tracing`: Tracing related. (Jaeger, Zipkin, ...)
-* `area/oxy`: Oxy related.
-* `area/provider`: related to all providers.
-* `area/provider/boltdb`: Boltd DB related.
-* `area/provider/consul`: Consul related.
-* `area/provider/docker`: Docker and Swarm related.
-* `area/provider/ecs`: ECS related.
-* `area/provider/etcd`: Etcd related.
-* `area/provider/eureka`: Eureka related.
-* `area/provider/file`: file provider related.
-* `area/provider/k8s`: Kubernetes related.
-* `area/provider/kv`: KV related.
-* `area/provider/marathon`: Marathon related.
-* `area/provider/mesos`: Mesos related.
-* `area/provider/rancher`: Rancher related.
-* `area/provider/servicefabric`: Azure service fabric related.
-* `area/provider/zk`: Zoo Keeper related.
-* `area/rules`: Rules related.
-* `area/server`: Server related.
-* `area/sticky-session`: Sticky session related.
-* `area/tls`: TLS related.
-* `area/websocket`: WebSocket related.
-* `area/webui`: Web UI related.
-
-### Issues Priority
-
-* `priority/P0`: needs hot fix.
-* `priority/P1`: need to be fixed in next release.
-* `priority/P2`: need to be fixed in the future.
-* `priority/P3`: maybe.
-
-### PR Size
-
-Automatically set by a bot.
-
-* `size/S`: small PR.
-* `size/M`: medium PR.
-* `size/L`: Large PR.
+Please read the [maintainer's guidelines](maintainers-guidelines.md).
--- a/docs/content/contributing/submitting-issues.md
+++ b/docs/content/contributing/submitting-issues.md
@@ -11,8 +11,8 @@ Help Us Help You!
 Issues are perfect for requesting a feature/enhancement or reporting a suspected bug.
 We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik.

-The process of sorting and checking the issues is a daunting task, and requires a lot of work (more than an hour a day ... just for sorting).
-To help us (and other community members) quickly and effortlessly understand what you need,
+The process of sorting and checking the issues is a daunting task, and requires a lot of work.
+To help maintainers (and other community members) quickly and effortlessly understand what you need,
 be sure to follow the guidelines below.

 !!! important "Getting Help Vs Reporting an Issue"
--- a/docs/content/contributing/submitting-pull-requests.md
+++ b/docs/content/contributing/submitting-pull-requests.md
@@ -17,12 +17,9 @@ or the list of [confirmed bugs](https://github.com/traefik/traefik/labels/kind%2

 ## How We Prioritize

-We wish we could review every pull request right away.
-Unfortunately, our team has to prioritize pull requests (PRs) for review
-(but we are welcoming new [maintainers](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md) to speed this up,
-if you are interested, check it out and apply).
+We wish we could review every pull request right away, but because it's a time consuming operation, it's not always possible.

-The PRs we are able to handle fastest are:
+The PRs we are able to handle the fastest are:

 * Documentation updates.
 * Bug fixes.
@@ -59,7 +56,7 @@ Merging a PR requires the following steps to be completed before it is merged au
    * Ensure your PR is not a draft. We do not review drafts, but do answer questions and confer with developers on them as needed.
 * Pass the validation check.
 * Pass all tests.
-* Receive 3 approving reviews maintainers.
+* Receive 3 approving reviews from maintainers.

 ## Pull Request Review Cycle

@@ -198,7 +195,7 @@ here are some things you can do to move the process along:
 * If you have fixed all the issues from a review,
  remember to re-request a review (using the designated button) to let your reviewer know that you are ready.
  You can choose to comment with the changes you made.
-* Ping `@tfny` if you have not been assigned to a reviewer.
+* Kindly comment on the pull request. Doing so will automatically give your PR visibility during the triage process.

 For more information on best practices, try these links:

--- a/docs/content/contributing/submitting-security-issues.md
+++ b/docs/content/contributing/submitting-security-issues.md
@@ -18,4 +18,6 @@ Reported vulnerabilities can be found on
 ## Report a Vulnerability

 We want to keep Traefik safe for everyone.
-If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, using [this form](https://security.traefik.io).
+If you've discovered a security vulnerability in Traefik,
+we appreciate your help in disclosing it to us in a responsible manner,
+by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).
--- a/docs/content/contributing/thank-you.md
+++ b/docs/content/contributing/thank-you.md
@@ -9,7 +9,7 @@ _You_ Made It
 {: .subtitle}

 Traefik Proxy truly is an [open-source project](https://github.com/traefik/traefik/),
-and wouldn't have become what it is today without the help of our [many contributors](https://github.com/traefik/traefik/graphs/contributors) (at the time of writing this),
+and wouldn't have become what it is today without the help of our [many contributors](https://github.com/traefik/traefik/graphs/contributors),
 not accounting for people having helped with issues, tests, comments, articles, ... or just enjoy using Traefik Proxy and share with others.

 So once again, thank you for your invaluable help in making Traefik such a good product!
@@ -17,16 +17,16 @@ So once again, thank you for your invaluable help in making Traefik such a good
 !!! question "Where to Go Next?"
    If you want to:

-    - Propose and idea, request a feature a report a bug,
-      read the page [Submitting Issues](./submitting-issues.md).
+    - Propose an idea, request a feature, or report a bug, 
+      then read [Submitting Issues](./submitting-issues.md).
    - Discover how to make an efficient contribution,
-      read the page [Submitting Pull Requests](./submitting-pull-requests.md).
+      then read [Submitting Pull Requests](./submitting-pull-requests.md).
    - Learn how to build and test Traefik,
-      the page [Building and Testing](./building-testing.md) is for you.
+      then the page [Building and Testing](./building-testing.md) is for you.
    - Contribute to the documentation,
-      read the related page [Documentation](./documentation.md).
+      then read the page about [Documentation](./documentation.md).
    - Understand how do we learn about Traefik usage,
      read the [Data Collection](./data-collection.md) page.
    - Spread the love about Traefik, please check the [Advocating](./advocating.md) page.
    - Learn about who are the maintainers and how they work on the project,
-      read the [Maintainers](./maintainers.md) page.
+      read the [Maintainers](./maintainers.md) and [Maintainer Guidelines](./maintainers-guidelines.md) pages.
--- a/docs/content/deprecation/features.md
+++ b/docs/content/deprecation/features.md
@@ -2,14 +2,14 @@

 This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.

-| Feature                                                                                             | Deprecated | End of Support | Removal |
-|-----------------------------------------------------------------------------------------------------|------------|----------------|---------|
-| [Pilot](#pilot)                                                                                     | 2.7        | 2.8            | 2.9     |
-| [Consul Enterprise Namespace](#consul-enterprise-namespace)                                         | 2.8        | N/A            | 3.0     |
-| [TLS 1.0 and 1.1 Support](#tls-10-and-11)                                                           | N/A        | 2.8            | N/A     |
-| [Nomad Namespace](#nomad-namespace)                                                                 | 2.10       | N/A            | 3.0     |
-| [Kubernetes CRDs API Group `traefik.containo.us`](#kubernetes-crds-api-group-traefikcontainous)     | 2.10       | N/A            | 3.0     |
-| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crds-api-version-traefikiov1alpha1) | N/A        | N/A            | 3.0     |
+| Feature                                                                                                     | Deprecated | End of Support | Removal |
+|-------------------------------------------------------------------------------------------------------------|------------|----------------|---------|
+| [Pilot](#pilot)                                                                                             | 2.7        | 2.8            | 2.9     |
+| [Consul Enterprise Namespace](#consul-enterprise-namespace)                                                 | 2.8        | N/A            | 3.0     |
+| [TLS 1.0 and 1.1 Support](#tls-10-and-11)                                                                   | N/A        | 2.8            | N/A     |
+| [Nomad Namespace](#nomad-namespace)                                                                         | 2.10       | N/A            | 3.0     |
+| [Kubernetes CRDs API Group `traefik.containo.us`](#kubernetes-crd-provider-api-group-traefikcontainous)     | 2.10       | N/A            | 3.0     |
+| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crd-provider-api-version-traefikiov1alpha1) | 3.0        | N/A            | 4.0     |

 ## Impact

@@ -35,10 +35,10 @@ Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2.
 Starting on 2.10 the `namespace` option of the Nomad provider is deprecated,
 please use the `namespaces` options instead.

-### Kubernetes CRDs API Group `traefik.containo.us`
+### Kubernetes CRD Provider API Group `traefik.containo.us`

-In v2.10, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
+In v2.10, the Kubernetes CRD provider API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.

-### Kubernetes CRDs API Version `traefik.io/v1alpha1`
+### Kubernetes CRD Provider API Version `traefik.io/v1alpha1`

-The newly introduced Kubernetes CRD API Version `traefik.io/v1alpha1` will subsequently be removed in Traefik v3. The following version will be `traefik.io/v1`.
+The Kubernetes CRD provider API Version `traefik.io/v1alpha1` will subsequently be deprecated in Traefik v3. The next version will be `traefik.io/v1`.
--- a/docs/content/deprecation/releases.md
+++ b/docs/content/deprecation/releases.md
@@ -6,7 +6,9 @@ Below is a non-exhaustive list of versions and their maintenance status:

 | Version | Release Date | Active Support     | Security Support | 
 |---------|--------------|--------------------|------------------|
-| 2.9     | Oct 03, 2022 | Yes                | Yes              |
+| 2.11    | Feb 12, 2024 | Yes                | Yes              |
+| 2.10    | Apr 24, 2023 | Ended Feb 12, 2024 | No               |
+| 2.9     | Oct 03, 2022 | Ended Apr 24, 2023 | No               |
 | 2.8     | Jun 29, 2022 | Ended Oct 03, 2022 | No               |
 | 2.7     | May 24, 2022 | Ended Jun 29, 2022 | No               |
 | 2.6     | Jan 24, 2022 | Ended May 24, 2022 | No               |
--- a/docs/content/getting-started/concepts.md
+++ b/docs/content/getting-started/concepts.md
@@ -11,7 +11,7 @@ This page explains the base concepts of Traefik.

 ## Introduction

-Traefik is based on the concept of EntryPoints, Routers, Middelwares and Services.
+Traefik is based on the concept of EntryPoints, Routers, Middlewares and Services.

 The main features include dynamic configuration, automatic service discovery, and support for multiple backends and protocols.

@@ -25,7 +25,7 @@ The main features include dynamic configuration, automatic service discovery, an

 ## Edge Router

-Traefik is an *Edge Router*, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
+Traefik is an *Edge Router*; this means that it's the door to your platform, and that it intercepts and routes every incoming request:
 it knows all the logic and every [rule](../routing/routers/index.md#rule "Link to docs about routing rules") that determine which services handle which requests (based on the *path*, the *host*, *headers*, etc.).

 ![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png "Picture explaining the infrastructure")
@@ -38,7 +38,7 @@ Deploying your services, you attach information that tells Traefik the character

 ![Decentralized Configuration](../assets/img/traefik-concepts-2.png "Picture about Decentralized Configuration")

-It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
+This means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
 Similarly, when a service is removed from the infrastructure, the corresponding route is deleted accordingly.

 You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules.
--- a/docs/content/getting-started/configuration-overview.md
+++ b/docs/content/getting-started/configuration-overview.md
@@ -79,14 +79,14 @@ traefik --help
 # or

 docker run traefik[:version] --help
-# ex: docker run traefik:v2.10 --help
+# ex: docker run traefik:v2.11 --help
 ```

-All available arguments can also be found [here](../reference/static-configuration/cli.md).
+Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.

 ### Environment Variables

-All available environment variables can be found [here](../reference/static-configuration/env.md)
+All available environment variables can be found in the [static configuration environment overview](../reference/static-configuration/env.md).

 ## Available Configuration Options

--- a/docs/content/getting-started/faq.md
+++ b/docs/content/getting-started/faq.md
@@ -29,7 +29,7 @@ Not to mention that dynamic configuration changes potentially make that kind of
 Therefore, in this dynamic context,
 the static configuration of an `entryPoint` does not give any hint whatsoever about how the traffic going through that `entryPoint` is going to be routed.
 Or whether it's even going to be routed at all,
-i.e. whether there is a Router matching the kind of traffic going through it.
+that is whether there is a Router matching the kind of traffic going through it.

 ### `404 Not found`

@@ -71,7 +71,7 @@ Traefik returns a `502` response code when an error happens while contacting the

 ### `503 Service Unavailable`

-Traefik returns a `503` response code when a Router has been matched
+Traefik returns a `503` response code when a Router has been matched,
 but there are no servers ready to handle the request.

 This situation is encountered when a service has been explicitly configured without servers,
@@ -84,7 +84,7 @@ Sometimes, the `404` response code doesn't play well with other parties or servi
 In these situations, you may want Traefik to always reply with a `503` response code,
 instead of a `404` response code.

-To achieve this behavior, a simple catchall router,
+To achieve this behavior, a catchall router,
 with the lowest possible priority and routing to a service without servers,
 can handle all the requests when no other router has been matched.

@@ -130,7 +130,7 @@ http:
    the principle of the above example above (a catchall router) still stands,
    but the `unavailable` service should be adapted to fit such a need.

-## Why Is My TLS Certificate Not Reloaded When Its Contents Change? 
+## Why Is My TLS Certificate Not Reloaded When Its Contents Change?

 With the file provider,
 a configuration update is only triggered when one of the [watched](../providers/file.md#provider-configuration) configuration files is modified.
@@ -158,6 +158,56 @@ By default, the following headers are automatically added when proxying requests
 For more details,
 please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.

+## How Traefik is Storing and Serving TLS Certificates?
+
+### Storing TLS Certificates
+
+[TLS](../https/tls.md "Link to Traefik TLS docs") certificates are either provided directly by the [dynamic configuration](./configuration-overview.md#the-dynamic-configuration "Link to dynamic configuration overview") from [providers](../https/tls.md#user-defined "Link to the TLS configuration"),
+or by [ACME resolvers](../https/acme.md#providers "Link to ACME resolvers"), which act themselves as providers internally.
+
+For each TLS certificate, Traefik produces an identifier used as a key to store it.
+This identifier is constructed as the alphabetically ordered concatenation of the SANs `DNSNames` and `IPAddresses` of the TLScertificate.
+
+#### Examples:
+
+| X509v3 Subject Alternative Name         | TLS Certificate Identifier  |
+|-----------------------------------------|-----------------------------|
+| `DNS:example.com, IP Address:127.0.0.1` | `127.0.0.1,example.com`     |
+| `DNS:example.com, DNS:*.example.com`    | `*.example.com,example.com` |
+
+The identifier is used to store TLS certificates in order to be later used to handle TLS connections.
+This operation happens each time there are configuration changes.
+
+If multiple TLS certificates are provided with the same SANs definition (same identifier), only the one processed first is kept.
+Because the dynamic configuration is aggregated from all providers,
+when processing it to gather TLS certificates,
+there is no guarantee of the order in which they would be processed.
+This means that along with configurations applied, it is possible that the TLS certificate retained for a given identifier differs.
+
+### Serving TLS Certificates
+
+For each incoming connection, Traefik is serving the "best" matching TLS certificate for the provided server name.
+
+The TLS certificate selection process narrows down the list of TLS certificates matching the server name,
+and then selects the last TLS certificate in this list after having ordered it by the identifier alphabetically.
+
+#### Examples:
+
+| Selected TLS Certificates Identifiers               | Sorted TLS Certificates Identifiers                 | Served Certificate Identifier |
+|-----------------------------------------------------|-----------------------------------------------------|-------------------------------|
+| `127.0.0.1,example.com`,`*.example.com,example.com` | `*.example.com,example.com`,`127.0.0.1,example.com` | `127.0.0.1,example.com`       |
+| `*.example.com,example.com`,`example.com`           | `*.example.com,example.com`,`example.com`           | `example.com`                 |
+
+### Caching TLS Certificates
+
+While Traefik is serving the best matching TLS certificate for each incoming connection,
+the selection process cost for each incoming connection is avoided thanks to a cache mechanism.
+
+Once a TLS certificate has been selected as the "best" TLS certificate for a server name,
+it is cached for an hour, avoiding the selection process for further connections.
+
+Nonetheless, when a new configuration is applied, the cache is reset.
+
 ## What does the "field not found" error mean?

 ```shell
@@ -166,7 +216,7 @@ error: field not found, node: -badField-

 The "field not found" error occurs, when an unknown property is encountered in the dynamic or static configuration.

-One easy way to check whether a configuration file is well-formed, is to validate it with:
+One way to check whether a configuration file is well-formed, is to validate it with:

 - [JSON Schema of the static configuration](https://json.schemastore.org/traefik-v2.json)
 - [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json)
@@ -176,11 +226,11 @@ One easy way to check whether a configuration file is well-formed, is to validat
 As a common tip, if a resource is dropped/not created by Traefik after the dynamic configuration was evaluated,
 one should look for an error in the logs.

-If found, the error obviously confirms that something went wrong while creating the resource,
+If found, the error confirms that something went wrong while creating the resource,
 and the message should help in figuring out the mistake(s) in the configuration, and how to fix it.

 When using the file provider,
-one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
+one way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).

 ## Why does Let's Encrypt wildcard certificate renewal/generation with DNS challenge fail?

@@ -198,6 +248,6 @@ then it could be due to `CNAME` support.
 In which case, you should make sure your infrastructure is properly set up for a
 `DNS` challenge that does not rely on `CNAME`, and you should try disabling `CNAME` support with:

-```bash
+```shell
 LEGO_DISABLE_CNAME_SUPPORT=true
 ```
--- a/docs/content/getting-started/install-traefik.md
+++ b/docs/content/getting-started/install-traefik.md
@@ -16,12 +16,12 @@ You can install Traefik with the following flavors:

 Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:

-* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.10/traefik.sample.yml)
-* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.10/traefik.sample.toml)
+* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.11/traefik.sample.yml)
+* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.11/traefik.sample.toml)

-```bash
+```shell
 docker run -d -p 8080:8080 -p 80:80 \
-    -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.10
+    -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.11
 ```

 For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
 !!! tip

    * Prefer a fixed version than the latest that could be an unexpected version.
-    ex: `traefik:v2.10`
+    ex: `traefik:v2.11`
    * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
    * Any orchestrator using docker images can fetch the official Traefik docker image.

@@ -59,7 +59,7 @@ You can update the chart repository by running:
 helm repo update
 ```

-And install it with the `helm` command line:
+And install it with the Helm command line:

 ```bash
 helm install traefik traefik/traefik
@@ -69,7 +69,7 @@ helm install traefik traefik/traefik

    All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.

-    Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md). 
+    Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md).

    For instance, installing the chart in a dedicated namespace:

@@ -106,7 +106,7 @@ helm install traefik traefik/traefik

 ### Exposing the Traefik dashboard

-This HelmChart does not expose the Traefik dashboard by default, for security concerns.
+This Helm chart does not expose the Traefik dashboard by default, for security concerns.
 Thus, there are multiple ways to expose the dashboard.
 For instance, the dashboard access could be achieved through a port-forward:

--- a/docs/content/getting-started/quick-start-with-kubernetes.md
+++ b/docs/content/getting-started/quick-start-with-kubernetes.md
@@ -1,23 +1,23 @@
 ---
 title: "Traefik Getting Started With Kubernetes"
-description: "Looking to get started with Traefik Proxy? Read the technical documentation to learn a simple use case that leverages Kubernetes."
+description: "Get started with Traefik Proxy and Kubernetes."
 ---

 # Quick Start

-A Simple Use Case of Traefik Proxy and Kubernetes
+A Use Case of Traefik Proxy and Kubernetes
 {: .subtitle }

-This guide is an introduction to using Traefik Proxy in a Kubernetes environment.
-The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.
+This guide is an introduction to using Traefik Proxy in a Kubernetes environment.  
+The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.  
 It presents and explains the basic blocks required to start with Traefik such as Ingress Controller, Ingresses, Deployments, static, and dynamic configuration.

 ## Permissions and Accesses

 Traefik uses the Kubernetes API to discover running services.

-In order to use the Kubernetes API, Traefik needs some permissions.
-This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.
+To use the Kubernetes API, Traefik needs some permissions.
+This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.  
 The role is then bound to an account used by an application, in this case, Traefik Proxy.

 The first step is to create the role.
@@ -88,7 +88,7 @@ roleRef:
 subjects:
  - kind: ServiceAccount
    name: traefik-account
-    namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount.
+    namespace: default # This tutorial uses the "default" K8s namespace.
 ```

 !!! info "`roleRef` is the Kubernetes reference to the role created in `00-role.yml`."
@@ -102,7 +102,7 @@ subjects:
 !!! info "This section can be managed with the help of the [Traefik Helm chart](../install-traefik/#use-the-helm-chart)."

 The [ingress controller](https://traefik.io/glossary/kubernetes-ingress-and-ingress-controller-101/#what-is-a-kubernetes-ingress-controller)
-is a software that runs in the same way as any other application on a cluster.
+is a software that runs in the same way as any other application on a cluster.  
 To start Traefik on the Kubernetes cluster,
 a [`Deployment`](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/) resource must exist to describe how to configure
 and scale containers horizontally to support larger workloads.
@@ -130,7 +130,7 @@ spec:
      serviceAccountName: traefik-account
      containers:
        - name: traefik
-          image: traefik:v2.10
+          image: traefik:v2.11
          args:
            - --api.insecure
            - --providers.kubernetesingress
@@ -141,12 +141,12 @@ spec:
              containerPort: 8080
 ```

-The deployment contains an important attribute for customizing Traefik: `args`.
-These arguments are the static configuration for Traefik.
+The deployment contains an important attribute for customizing Traefik: `args`.  
+These arguments are the static configuration for Traefik.  
 From here, it is possible to enable the dashboard,
 configure entry points,
 select dynamic configuration providers,
-and [more](../reference/static-configuration/cli.md)...
+and [more](../reference/static-configuration/cli.md).

 In this deployment,
 the static configuration enables the Traefik dashboard,
@@ -159,10 +159,10 @@ and uses Kubernetes native Ingress resources as router definitions to route inco
 !!! info "When enabling the [`api.insecure`](../../operations/api/#insecure) mode, Traefik exposes the dashboard on the port `8080`."

 A deployment manages scaling and then can create lots of containers, called [Pods](https://kubernetes.io/docs/concepts/workloads/pods/).
-Each Pod is configured following the `spec` field in the deployment.
+Each Pod is configured following the `spec` field in the deployment.  
 Given that, a Deployment can run multiple Traefik Proxy Pods,
 a piece is required to forward the traffic to any of the instance:
-namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).
+namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).  
 Create a file called `02-traefik-services.yml` and insert the two `Service` resources:

 ```yaml tab="02-traefik-services.yml"
@@ -195,7 +195,7 @@ spec:

 !!! warning "It is possible to expose a service in different ways."

-    Depending on your working environment and use case, the `spec.type` might change.
+    Depending on your working environment and use case, the `spec.type` might change.  
    It is strongly recommended to understand the available [service types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) before proceeding to the next step.

 It is now time to apply those files on your cluster to start Traefik.
@@ -210,11 +210,11 @@ kubectl apply -f 00-role.yml \

 ## Proxying applications

-The only part still missing is the business application behind the reverse proxy.
+The only part still missing is the business application behind the reverse proxy.  
 For this guide, we use the example application [traefik/whoami](https://github.com/traefik/whoami),
 but the principles are applicable to any other application.

-The `whoami` application is a simple HTTP server running on port 80 which answers host-related information to the incoming requests.
+The `whoami` application is an HTTP server running on port 80 which answers host-related information to the incoming requests.  
 As usual, start by creating a file called `03-whoami.yml` and paste the following `Deployment` resource:

 ```yaml tab="03-whoami.yml"
@@ -262,8 +262,8 @@ spec:
 ```

 Thanks to the Kubernetes API,
-Traefik is notified when an Ingress resource is created, updated, or deleted.
-This makes the process dynamic.
+Traefik is notified when an Ingress resource is created, updated, or deleted.  
+This makes the process dynamic.  
 The ingresses are, in a way, the [dynamic configuration](../../providers/kubernetes-ingress/) for Traefik.

 !!! tip
@@ -316,3 +316,5 @@ curl -v http://localhost/
    - [Filter the ingresses](../providers/kubernetes-ingress.md#ingressclass) to use with [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)
    - Use [IngressRoute CRD](../providers/kubernetes-crd.md)
    - Protect [ingresses with TLS](../routing/providers/kubernetes-ingress.md#enabling-tls-via-annotations)
+    
+{!traefik-for-business-applications.md!}
--- a/docs/content/getting-started/quick-start.md
+++ b/docs/content/getting-started/quick-start.md
@@ -1,11 +1,11 @@
 ---
 title: "Traefik Getting Started Quickly"
-description: "Looking to get started with Traefik Proxy quickly? Read the technical documentation to learn a simple use case that leverages Docker."
+description: "Get started with Traefik Proxy and Docker."
 ---

 # Quick Start

-A Simple Use Case Using Docker
+A Use Case Using Docker
 {: .subtitle }

 ![quickstart-diagram](../assets/img/quickstart-diagram.png)
@@ -20,7 +20,7 @@ version: '3'
 services:
  reverse-proxy:
    # The official v2 Traefik docker image
-    image: traefik:v2.10
+    image: traefik:v2.11
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
@@ -41,11 +41,11 @@ Start your `reverse-proxy` with the following command:
 docker-compose up -d reverse-proxy
 ```

-You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
+You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (you'll go back there once you have launched a service in step 2).

 ## Traefik Detects New Services and Creates the Route for You

-Now that we have a Traefik instance up and running, we will deploy new services.
+Now that you have a Traefik instance up and running, you will deploy new services.

 Edit your `docker-compose.yml` file and add the following at the end of your file.

@@ -63,7 +63,7 @@ services:
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
 ```

-The above defines `whoami`: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).
+The above defines `whoami`: a web service that outputs information about the machine it is deployed on (its IP address, host, and others).

 Start the `whoami` service with the following command:

@@ -73,7 +73,7 @@ docker-compose up -d whoami

 Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new container and updated its own configuration.

-When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_  (Here, we're using curl)
+When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_  (Here, you're using curl)

 ```shell
 curl -H Host:whoami.docker.localhost http://127.0.0.1
@@ -103,7 +103,7 @@ Finally, see that Traefik load-balances between the two instances of your servic
 curl -H Host:whoami.docker.localhost http://127.0.0.1
 ```

-The output will show alternatively one of the followings:
+The output will show alternatively one of the following:

 ```yaml
 Hostname: a656c8ddca6c
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@@ -11,7 +11,7 @@ Automatic HTTPS
 You can configure Traefik to use an ACME provider (like Let's Encrypt) for automatic certificate generation.

 !!! warning "Let's Encrypt and Rate Limiting"
-    Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits). These last up to __one week__, and can not be overridden.
+    Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits). These last up to **one week**, and can not be overridden.
    
    When running Traefik in a container this file should be persisted across restarts. 
    If Traefik requests new certificates each time it starts up, a crash-looping container can quickly reach Let's Encrypt's ratelimits.
@@ -294,6 +294,12 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
    LEGO_DISABLE_CNAME_SUPPORT=true
    ```

+!!! warning "Multiple DNS Challenge provider"
+    
+    Multiple DNS challenge provider are not supported with Traefik, but you can use `CNAME` to handle that.
+    For example, if you have `example.org` (account foo) and `example.com` (account bar) you can create a CNAME on `example.org` called `_acme-challenge.example.org` pointing to `challenge.example.com`.
+    This way, you can obtain certificates for `example.com` with the `foo` account.
+
 !!! important
    A `provider` is mandatory.

@@ -308,121 +314,139 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used

 For complete details, refer to your provider's _Additional configuration_ link.

-| Provider Name                                                            | Provider Code      | Environment Variables                                                                                                                       |                                                                                 |
-|--------------------------------------------------------------------------|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
-| [ACME DNS](https://github.com/joohoi/acme-dns)                           | `acme-dns`         | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)         |
-| [Alibaba Cloud](https://www.alibabacloud.com)                            | `alidns`           | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)           |
-| [all-inkl](https://all-inkl.com)                                         | `allinkl`          | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl)          |
-| [ArvanCloud](https://www.arvancloud.com/en)                              | `arvancloud`       | `ARVANCLOUD_API_KEY`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)       |
-| [Auroradns](https://www.pcextreme.com/dns-health-checks)                 | `auroradns`        | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)        |
-| [Autodns](https://www.internetx.com/domains/autodns/)                    | `autodns`          | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)          |
-| [Azure](https://azure.microsoft.com/services/dns/)                       | `azure`            | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
-| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)               | `bindman`          | `BINDMAN_MANAGER_ADDRESS`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)          |
-| [Blue Cat](https://www.bluecatnetworks.com/)                             | `bluecat`          | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                    | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)          |
-| [Checkdomain](https://www.checkdomain.de/)                               | `checkdomain`      | `CHECKDOMAIN_TOKEN`,                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/)     |
-| [Civo](https://www.civo.com/)                                            | `civo`             | `CIVO_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/civo)             |
-| [CloudDNS](https://vshosting.eu/)                                        | `clouddns`         | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD`                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns)         |
-| [Cloudflare](https://www.cloudflare.com)                                 | `cloudflare`       | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)       |
-| [ClouDNS](https://www.cloudns.net/)                                      | `cloudns`          | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)          |
-| [CloudXNS](https://www.cloudxns.net)                                     | `cloudxns`         | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)         |
-| [ConoHa](https://www.conoha.jp)                                          | `conoha`           | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)           |
-| [Constellix](https://constellix.com)                                     | `constellix`       | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)       |
-| [deSEC](https://desec.io)                                                | `desec`            | `DESEC_TOKEN`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/desec)            |
-| [DigitalOcean](https://www.digitalocean.com)                             | `digitalocean`     | `DO_AUTH_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean)     |
-| [DNS Made Easy](https://dnsmadeeasy.com)                                 | `dnsmadeeasy`      | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)      |
-| [dnsHome.de](https://www.dnshome.de)                                     | `dnsHomede`        | `DNSHOMEDE_CREDENTIALS`                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/dnshomede)        |
-| [DNSimple](https://dnsimple.com)                                         | `dnsimple`         | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)         |
-| [DNSPod](https://www.dnspod.com/)                                        | `dnspod`           | `DNSPOD_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod)           |
-| [Domain Offensive (do.de)](https://www.do.de/)                           | `dode`             | `DODE_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/dode)             |
-| [Domeneshop](https://domene.shop)                                        | `domeneshop`       | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop)       |
-| [DreamHost](https://www.dreamhost.com/)                                  | `dreamhost`        | `DREAMHOST_API_KEY`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)        |
-| [Duck DNS](https://www.duckdns.org/)                                     | `duckdns`          | `DUCKDNS_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)          |
-| [Dyn](https://dyn.com)                                                   | `dyn`              | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)              |
-| [Dynu](https://www.dynu.com)                                             | `dynu`             | `DYNU_API_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)             |
-| [EasyDNS](https://easydns.com/)                                          | `easydns`          | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)          |
-| [EdgeDNS](https://www.akamai.com/)                                       | `edgedns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
-| [Epik](https://www.epik.com)                                             | `epik`             | `EPIK_SIGNATURE`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/epik)             |
-| [Exoscale](https://www.exoscale.com)                                     | `exoscale`         | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)         |
-| [Fast DNS](https://www.akamai.com/)                                      | `fastdns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
-| [Freemyip.com](https://freemyip.com)                                     | `freemyip`         | `FREEMYIP_TOKEN`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip)         |
-| [G-Core Lab](https://gcorelabs.com/dns/)                                 | `gcore`            | `GCORE_PERMANENT_API_TOKEN`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/gcore)            |
-| [Gandi v5](https://doc.livedns.gandi.net)                                | `gandiv5`          | `GANDIV5_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)          |
-| [Gandi](https://www.gandi.net)                                           | `gandi`            | `GANDI_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)            |
-| [Glesys](https://glesys.com/)                                            | `glesys`           | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)           |
-| [GoDaddy](https://www.godaddy.com)                                       | `godaddy`          | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)          |
-| [Google Cloud DNS](https://cloud.google.com/dns/docs/)                   | `gcloud`           | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)           |
-| [Hetzner](https://hetzner.com)                                           | `hetzner`          | `HETZNER_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
-| [hosting.de](https://www.hosting.de)                                     | `hostingde`        | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)        |
-| [Hosttech](https://www.hosttech.eu)                                      | `hosttech`         | `HOSTTECH_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)         |
-| [Hurricane Electric](https://dns.he.net)                                 | `hurricane`        | `HURRICANE_TOKENS` [^6]                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane)        |
-| [HyperOne](https://www.hyperone.com)                                     | `hyperone`         | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)         |
-| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/)                      | `ibmcloud`         | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud)         |
-| [IIJ DNS Platform Service](https://www.iij.ad.jp)                        | `iijdpf`           | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE`                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf)           |
-| [IIJ](https://www.iij.ad.jp/)                                            | `iij`              | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/iij)              |
-| [Infoblox](https://www.infoblox.com/)                                    | `infoblox`         | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox)         |
-| [Infomaniak](https://www.infomaniak.com)                                 | `infomaniak`       | `INFOMANIAK_ACCESS_TOKEN`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak)       |
-| [Internet.bs](https://internetbs.net)                                    | `internetbs`       | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs)       |
-| [INWX](https://www.inwx.de/en)                                           | `inwx`             | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/inwx)             |
-| [ionos](https://ionos.com/)                                              | `ionos`            | `IONOS_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/ionos)            |
-| [iwantmyname](https://iwantmyname.com)                                   | `iwantmyname`      | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname)      |
-| [Joker.com](https://joker.com)                                           | `joker`            | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/joker)            |
-| [Liara](https://liara.ir)                                                | `liara`            | `LIARA_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liara)            |
-| [Lightsail](https://aws.amazon.com/lightsail/)                           | `lightsail`        | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)        |
-| [Linode v4](https://www.linode.com)                                      | `linode`           | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linode)           |
-| [Liquid Web](https://www.liquidweb.com/)                                 | `liquidweb`        | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)        |
-| [Loopia](https://loopia.com/)                                            | `loopia`           | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER`                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/loopia)           |
-| [LuaDNS](https://luadns.com)                                             | `luadns`           | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)           |
-| [MyDNS.jp](https://www.mydns.jp/)                                        | `mydnsjp`          | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp)          |
-| [Mythic Beasts](https://www.mythic-beasts.com)                           | `mythicbeasts`     | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts)     |
-| [name.com](https://www.name.com/)                                        | `namedotcom`       | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom)       |
-| [Namecheap](https://www.namecheap.com)                                   | `namecheap`        | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap)        |
-| [Namesilo](https://www.namesilo.com/)                                    | `namesilo`         | `NAMESILO_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo)         |
-| [NearlyFreeSpeech.NET](https://www.nearlyfreespeech.net/)                | `nearlyfreespeech` | `NEARLYFREESPEECH_API_KEY`, `NEARLYFREESPEECH_LOGIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/nearlyfreespeech) |
-| [Netcup](https://www.netcup.eu/)                                         | `netcup`           | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/netcup)           |
-| [Netlify](https://www.netlify.com)                                       | `netlify`          | `NETLIFY_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/netlify)          |
-| [Nicmanager](https://www.nicmanager.com)                                 | `nicmanager`       | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager)       |
-| [NIFCloud](https://cloud.nifty.com/service/dns.htm)                      | `nifcloud`         | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY`                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud)         |
-| [Njalla](https://njal.la)                                                | `njalla`           | `NJALLA_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/njalla)           |
-| [NS1](https://ns1.com/)                                                  | `ns1`              | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)              |
-| [Open Telekom Cloud](https://cloud.telekom.de)                           | `otc`              | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                             | [Additional configuration](https://go-acme.github.io/lego/dns/otc)              |
-| [Openstack Designate](https://docs.openstack.org/designate)              | `designate`        | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/designate)        |
-| [Oracle Cloud](https://cloud.oracle.com/home)                            | `oraclecloud`      | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)      |
-| [OVH](https://www.ovh.com)                                               | `ovh`              | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)              |
-| [Porkbun](https://porkbun.com/)                                          | `porkbun`          | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun)          |
-| [PowerDNS](https://www.powerdns.com)                                     | `pdns`             | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)             |
-| [Rackspace](https://www.rackspace.com/cloud/dns)                         | `rackspace`        | `RACKSPACE_USER`, `RACKSPACE_API_KEY`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace)        |
-| [reg.ru](https://www.reg.ru)                                             | `regru`            | `REGRU_USERNAME`, `REGRU_PASSWORD`                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/regru)            |
-| [RFC2136](https://tools.ietf.org/html/rfc2136)                           | `rfc2136`          | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)          |
-| [RimuHosting](https://rimuhosting.com)                                   | `rimuhosting`      | `RIMUHOSTING_API_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)      |
-| [Route 53](https://aws.amazon.com/route53/)                              | `route53`          | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.             | [Additional configuration](https://go-acme.github.io/lego/dns/route53)          |
-| [Sakura Cloud](https://cloud.sakura.ad.jp/)                              | `sakuracloud`      | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)      |
-| [Scaleway](https://www.scaleway.com)                                     | `scaleway`         | `SCALEWAY_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)         |
-| [Selectel](https://selectel.ru/en/)                                      | `selectel`         | `SELECTEL_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)         |
-| [Servercow](https://servercow.de)                                        | `servercow`        | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/servercow)        |
-| [Simply.com](https://www.simply.com/en/domains/)                         | `simply`           | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/simply)           |
-| [Sonic](https://www.sonic.com/)                                          | `sonic`            | `SONIC_USER_ID`, `SONIC_API_KEY`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/sonic)            |
-| [Stackpath](https://www.stackpath.com/)                                  | `stackpath`        | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)        |
-| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns)               | `tencentcloud`     | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY`                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud)     |
-| [TransIP](https://www.transip.nl/)                                       | `transip`          | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/transip)          |
-| [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html)   | `safedns`          | `SAFEDNS_AUTH_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/safedns)          |
-| [Ultradns](https://neustarsecurityservices.com/dns-services)             | `ultradns`         | `ULTRADNS_USERNAME`, `ULTRADNS_PASSWORD`                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/ultradns)         |
-| [Variomedia](https://www.variomedia.de/)                                 | `variomedia`       | `VARIOMEDIA_API_TOKEN`                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/variomedia)       |
-| [VegaDNS](https://github.com/shupp/VegaDNS-API)                          | `vegadns`          | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL`                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns)          |
-| [Vercel](https://vercel.com)                                             | `vercel`           | `VERCEL_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vercel)           |
-| [Versio](https://www.versio.nl/domeinnamen)                              | `versio`           | `VERSIO_USERNAME`, `VERSIO_PASSWORD`                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/versio)           |
-| [VinylDNS](https://www.vinyldns.io)                                      | `vinyldns`         | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns)         |
-| [VK Cloud](https://mcs.mail.ru/)                                         | `vkcloud`          | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud)          |
-| [Vscale](https://vscale.io/)                                             | `vscale`           | `VSCALE_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)           |
-| [VULTR](https://www.vultr.com)                                           | `vultr`            | `VULTR_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)            |
-| [Websupport](https://websupport.sk)                                      | `websupport`       | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/websupport)       |
-| [WEDOS](https://www.wedos.com)                                           | `wedos`            | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/wedos)            |
-| [Yandex Cloud](https://cloud.yandex.com/en/)                             | `yandexcloud`      | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud)      |
-| [Yandex](https://yandex.com)                                             | `yandex`           | `YANDEX_PDD_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandex)           |
-| [Zone.ee](https://www.zone.ee)                                           | `zoneee`           | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)           |
-| [Zonomi](https://zonomi.com)                                             | `zonomi`           | `ZONOMI_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)           |
-| External Program                                                         | `exec`             | `EXEC_PATH`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/exec)             |
-| HTTP request                                                             | `httpreq`          | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)          |
-| manual                                                                   | `manual`           | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                     |                                                                                 |
+| Provider Name                                                          | Provider Code      | Environment Variables                                                                                                                                                            |                                                                                 |
+|------------------------------------------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
+| [ACME DNS](https://github.com/joohoi/acme-dns)                         | `acme-dns`         | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)         |
+| [Alibaba Cloud](https://www.alibabacloud.com)                          | `alidns`           | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)           |
+| [all-inkl](https://all-inkl.com)                                       | `allinkl`          | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD`                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl)          |
+| [ArvanCloud](https://www.arvancloud.ir/en)                             | `arvancloud`       | `ARVANCLOUD_API_KEY`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)       |
+| [Auroradns](https://www.pcextreme.com/dns-health-checks)               | `auroradns`        | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)        |
+| [Autodns](https://www.internetx.com/domains/autodns/)                  | `autodns`          | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)          |
+| [Azure](https://azure.microsoft.com/services/dns/)  (DEPRECATED)       | `azure`            | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`                                        | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
+| [AzureDNS](https://azure.microsoft.com/services/dns/)                  | `azuredns`         | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_ENVIRONMENT]`, `[AZURE_PRIVATE_ZONE]`, `[AZURE_ZONE_NAME]` | [Additional configuration](https://go-acme.github.io/lego/dns/azuredns)         |
+| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)             | `bindman`          | `BINDMAN_MANAGER_ADDRESS`                                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)          |
+| [Blue Cat](https://www.bluecatnetworks.com/)                           | `bluecat`          | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)          |
+| [Brandit](https://www.brandit.com)                                     | `brandit`          | `BRANDIT_API_USERNAME`, `BRANDIT_API_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/brandit)          |
+| [Bunny](https://bunny.net)                                             | `bunny`            | `BUNNY_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/bunny)            |
+| [Checkdomain](https://www.checkdomain.de/)                             | `checkdomain`      | `CHECKDOMAIN_TOKEN`,                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/)     |
+| [Civo](https://www.civo.com/)                                          | `civo`             | `CIVO_TOKEN`                                                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/civo)             |
+| [Cloud.ru](https://cloud.ru)                                           | `cloudru`          | `CLOUDRU_SERVICE_INSTANCE_ID`, `CLOUDRU_KEY_ID`, `CLOUDRU_SECRET`                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/cloudru)          |
+| [CloudDNS](https://vshosting.eu/)                                      | `clouddns`         | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD`                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns)         |
+| [Cloudflare](https://www.cloudflare.com)                               | `cloudflare`       | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)       |
+| [ClouDNS](https://www.cloudns.net/)                                    | `cloudns`          | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)          |
+| [CloudXNS](https://www.cloudxns.net)                                   | `cloudxns`         | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)         |
+| [ConoHa](https://www.conoha.jp)                                        | `conoha`           | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)           |
+| [Constellix](https://constellix.com)                                   | `constellix`       | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)       |
+| [CPanel and WHM](https://cpanel.net/)                                  | `cpanel`           | `CPANEL_MODE`, `CPANEL_USERNAME`, `CPANEL_TOKEN`, `CPANEL_BASE_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cpanel)           |
+| [Derak Cloud](https://derak.cloud/)                                    | `derak`            | `DERAK_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/derak)            |
+| [deSEC](https://desec.io)                                              | `desec`            | `DESEC_TOKEN`                                                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/desec)            |
+| [DigitalOcean](https://www.digitalocean.com)                           | `digitalocean`     | `DO_AUTH_TOKEN`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean)     |
+| [DNS Made Easy](https://dnsmadeeasy.com)                               | `dnsmadeeasy`      | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)      |
+| [dnsHome.de](https://www.dnshome.de)                                   | `dnsHomede`        | `DNSHOMEDE_CREDENTIALS`                                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/dnshomede)        |
+| [DNSimple](https://dnsimple.com)                                       | `dnsimple`         | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)         |
+| [DNSPod](https://www.dnspod.com/)                                      | `dnspod`           | `DNSPOD_API_KEY`                                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod)           |
+| [Domain Offensive (do.de)](https://www.do.de/)                         | `dode`             | `DODE_TOKEN`                                                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/dode)             |
+| [Domeneshop](https://domene.shop)                                      | `domeneshop`       | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET`                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop)       |
+| [DreamHost](https://www.dreamhost.com/)                                | `dreamhost`        | `DREAMHOST_API_KEY`                                                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)        |
+| [Duck DNS](https://www.duckdns.org/)                                   | `duckdns`          | `DUCKDNS_TOKEN`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)          |
+| [Dyn](https://dyn.com)                                                 | `dyn`              | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)              |
+| [Dynu](https://www.dynu.com)                                           | `dynu`             | `DYNU_API_KEY`                                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)             |
+| [EasyDNS](https://easydns.com/)                                        | `easydns`          | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)          |
+| [EdgeDNS](https://www.akamai.com/)                                     | `edgedns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
+| [Efficient IP](https://efficientip.com)                                | `efficientip`      | `EFFICIENTIP_USERNAME`, `EFFICIENTIP_PASSWORD`, `EFFICIENTIP_HOSTNAME`, `EFFICIENTIP_DNS_NAME`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/efficientip)      |
+| [Epik](https://www.epik.com)                                           | `epik`             | `EPIK_SIGNATURE`                                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/epik)             |
+| [Exoscale](https://www.exoscale.com)                                   | `exoscale`         | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)         |
+| [Fast DNS](https://www.akamai.com/)                                    | `fastdns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
+| [Freemyip.com](https://freemyip.com)                                   | `freemyip`         | `FREEMYIP_TOKEN`                                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip)         |
+| [G-Core](https://gcore.com/dns/)                                       | `gcore`            | `GCORE_PERMANENT_API_TOKEN`                                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/gcore)            |
+| [Gandi v5](https://doc.livedns.gandi.net)                              | `gandiv5`          | `GANDIV5_PERSONAL_ACCESS_TOKEN`                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)          |
+| [Gandi](https://www.gandi.net)                                         | `gandi`            | `GANDI_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)            |
+| [Glesys](https://glesys.com/)                                          | `glesys`           | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)           |
+| [GoDaddy](https://www.godaddy.com)                                     | `godaddy`          | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)          |
+| [Google Cloud DNS](https://cloud.google.com/dns/docs/)                 | `gcloud`           | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)           |
+| [Google Domains](https://domains.google)                               | `googledomains`    | `GOOGLE_DOMAINS_ACCESS_TOKEN`                                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains)    |
+| [Hetzner](https://hetzner.com)                                         | `hetzner`          | `HETZNER_API_KEY`                                                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
+| [hosting.de](https://www.hosting.de)                                   | `hostingde`        | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)        |
+| [Hosttech](https://www.hosttech.eu)                                    | `hosttech`         | `HOSTTECH_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)         |
+| [http.net](https://www.http.net/)                                      | `httpnet`          | `HTTPNET_API_KEY`                                                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/httpnet)          |
+| [Hurricane Electric](https://dns.he.net)                               | `hurricane`        | `HURRICANE_TOKENS` [^6]                                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane)        |
+| [HyperOne](https://www.hyperone.com)                                   | `hyperone`         | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)         |
+| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/)                    | `ibmcloud`         | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud)         |
+| [IIJ DNS Platform Service](https://www.iij.ad.jp)                      | `iijdpf`           | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf)           |
+| [IIJ](https://www.iij.ad.jp/)                                          | `iij`              | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/iij)              |
+| [Infoblox](https://www.infoblox.com/)                                  | `infoblox`         | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox)         |
+| [Infomaniak](https://www.infomaniak.com)                               | `infomaniak`       | `INFOMANIAK_ACCESS_TOKEN`                                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak)       |
+| [Internet.bs](https://internetbs.net)                                  | `internetbs`       | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD`                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs)       |
+| [INWX](https://www.inwx.de/en)                                         | `inwx`             | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/inwx)             |
+| [ionos](https://ionos.com/)                                            | `ionos`            | `IONOS_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/ionos)            |
+| [IPv64](https://ipv64.net)                                             | `ipv64`            | `IPV64_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/ipv64)            |
+| [iwantmyname](https://iwantmyname.com)                                 | `iwantmyname`      | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD`                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname)      |
+| [Joker.com](https://joker.com)                                         | `joker`            | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/joker)            |
+| [Liara](https://liara.ir)                                              | `liara`            | `LIARA_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/liara)            |
+| [Lightsail](https://aws.amazon.com/lightsail/)                         | `lightsail`        | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)        |
+| [Linode v4](https://www.linode.com)                                    | `linode`           | `LINODE_TOKEN`                                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/linode)           |
+| [Liquid Web](https://www.liquidweb.com/)                               | `liquidweb`        | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)        |
+| [Loopia](https://loopia.com/)                                          | `loopia`           | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER`                                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/loopia)           |
+| [LuaDNS](https://luadns.com)                                           | `luadns`           | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)           |
+| [Mail-in-a-Box](https://mailinabox.email)                              | `mailinabox`       | `MAILINABOX_EMAIL`, `MAILINABOX_PASSWORD`, `MAILINABOX_BASE_URL`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/mailinabox)       |
+| [Metaname](https://metaname.net)                                       | `metaname`         | `METANAME_ACCOUNT_REFERENCE`, `METANAME_API_KEY`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/metaname)         |
+| [MyDNS.jp](https://www.mydns.jp/)                                      | `mydnsjp`          | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp)          |
+| [Mythic Beasts](https://www.mythic-beasts.com)                         | `mythicbeasts`     | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts)     |
+| [name.com](https://www.name.com/)                                      | `namedotcom`       | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom)       |
+| [Namecheap](https://www.namecheap.com)                                 | `namecheap`        | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap)        |
+| [Namesilo](https://www.namesilo.com/)                                  | `namesilo`         | `NAMESILO_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo)         |
+| [NearlyFreeSpeech.NET](https://www.nearlyfreespeech.net/)              | `nearlyfreespeech` | `NEARLYFREESPEECH_API_KEY`, `NEARLYFREESPEECH_LOGIN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/nearlyfreespeech) |
+| [Netcup](https://www.netcup.eu/)                                       | `netcup`           | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD`                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/netcup)           |
+| [Netlify](https://www.netlify.com)                                     | `netlify`          | `NETLIFY_TOKEN`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/netlify)          |
+| [Nicmanager](https://www.nicmanager.com)                               | `nicmanager`       | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager)       |
+| [NIFCloud](https://cloud.nifty.com/service/dns.htm)                    | `nifcloud`         | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud)         |
+| [Njalla](https://njal.la)                                              | `njalla`           | `NJALLA_TOKEN`                                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/njalla)           |
+| [Nodion](https://www.nodion.com)                                       | `nodion`           | `NODION_API_TOKEN`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/nodion)           |
+| [NS1](https://ns1.com/)                                                | `ns1`              | `NS1_API_KEY`                                                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)              |
+| [Open Telekom Cloud](https://cloud.telekom.de)                         | `otc`              | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/otc)              |
+| [Openstack Designate](https://docs.openstack.org/designate)            | `designate`        | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/designate)        |
+| [Oracle Cloud](https://cloud.oracle.com/home)                          | `oraclecloud`      | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID`                                      | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)      |
+| [OVH](https://www.ovh.com)                                             | `ovh`              | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)              |
+| [Plesk](https://www.plesk.com)                                         | `plesk`            | `PLESK_SERVER_BASE_URL`, `PLESK_USERNAME`, `PLESK_PASSWORD`                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/plesk)            |
+| [Porkbun](https://porkbun.com/)                                        | `porkbun`          | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY`                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun)          |
+| [PowerDNS](https://www.powerdns.com)                                   | `pdns`             | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)             |
+| [Rackspace](https://www.rackspace.com/cloud/dns)                       | `rackspace`        | `RACKSPACE_USER`, `RACKSPACE_API_KEY`                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace)        |
+| [RcodeZero](https://www.rcodezero.at)                                  | `rcodezero`        | `RCODEZERO_API_TOKEN`                                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/rcodezero)        |
+| [reg.ru](https://www.reg.ru)                                           | `regru`            | `REGRU_USERNAME`, `REGRU_PASSWORD`                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/regru)            |
+| [RFC2136](https://tools.ietf.org/html/rfc2136)                         | `rfc2136`          | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)          |
+| [RimuHosting](https://rimuhosting.com)                                 | `rimuhosting`      | `RIMUHOSTING_API_KEY`                                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)      |
+| [Route 53](https://aws.amazon.com/route53/)                            | `route53`          | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/route53)          |
+| [Sakura Cloud](https://cloud.sakura.ad.jp/)                            | `sakuracloud`      | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)      |
+| [Scaleway](https://www.scaleway.com)                                   | `scaleway`         | `SCALEWAY_API_TOKEN`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)         |
+| [Selectel](https://selectel.ru/en/)                                    | `selectel`         | `SELECTEL_API_TOKEN`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)         |
+| [Servercow](https://servercow.de)                                      | `servercow`        | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/servercow)        |
+| [Shellrent](https://www.shellrent.com)                                 | `shellrent`        | `SHELLRENT_USERNAME`, `SHELLRENT_TOKEN`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/shellrent)        |
+| [Simply.com](https://www.simply.com/en/domains/)                       | `simply`           | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/simply)           |
+| [Sonic](https://www.sonic.com/)                                        | `sonic`            | `SONIC_USER_ID`, `SONIC_API_KEY`                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/sonic)            |
+| [Stackpath](https://www.stackpath.com/)                                | `stackpath`        | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)        |
+| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns)             | `tencentcloud`     | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud)     |
+| [TransIP](https://www.transip.nl/)                                     | `transip`          | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/transip)          |
+| [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html) | `safedns`          | `SAFEDNS_AUTH_TOKEN`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/safedns)          |
+| [Ultradns](https://neustarsecurityservices.com/dns-services)           | `ultradns`         | `ULTRADNS_USERNAME`, `ULTRADNS_PASSWORD`                                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/ultradns)         |
+| [Variomedia](https://www.variomedia.de/)                               | `variomedia`       | `VARIOMEDIA_API_TOKEN`                                                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/variomedia)       |
+| [VegaDNS](https://github.com/shupp/VegaDNS-API)                        | `vegadns`          | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL`                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns)          |
+| [Vercel](https://vercel.com)                                           | `vercel`           | `VERCEL_API_TOKEN`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/vercel)           |
+| [Versio](https://www.versio.nl/domeinnamen)                            | `versio`           | `VERSIO_USERNAME`, `VERSIO_PASSWORD`                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/versio)           |
+| [VinylDNS](https://www.vinyldns.io)                                    | `vinyldns`         | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST`                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns)         |
+| [VK Cloud](https://mcs.mail.ru/)                                       | `vkcloud`          | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME`                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud)          |
+| [Vscale](https://vscale.io/)                                           | `vscale`           | `VSCALE_API_TOKEN`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)           |
+| [VULTR](https://www.vultr.com)                                         | `vultr`            | `VULTR_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)            |
+| [Webnames](https://www.webnames.ru/)                                   | `webnames`         | `WEBNAMES_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/webnames)         |
+| [Websupport](https://websupport.sk)                                    | `websupport`       | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/websupport)       |
+| [WEDOS](https://www.wedos.com)                                         | `wedos`            | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/wedos)            |
+| [Yandex 360](https://360.yandex.ru)                                    | `yandex360`        | `YANDEX360_OAUTH_TOKEN`, `YANDEX360_ORG_ID`                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/yandex360)        |
+| [Yandex Cloud](https://cloud.yandex.com/en/)                           | `yandexcloud`      | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud)      |
+| [Yandex](https://yandex.com)                                           | `yandex`           | `YANDEX_PDD_TOKEN`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/yandex)           |
+| [Zone.ee](https://www.zone.ee)                                         | `zoneee`           | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)           |
+| [Zonomi](https://zonomi.com)                                           | `zonomi`           | `ZONOMI_API_KEY`                                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)           |
+| External Program                                                       | `exec`             | `EXEC_PATH`                                                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/exec)             |
+| HTTP request                                                           | `httpreq`          | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)          |
+| manual                                                                 | `manual`           | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                                                          |                                                                                 |

 [^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
 [^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).
--- a/docs/content/includes/traefik-for-business-applications.md
+++ b/docs/content/includes/traefik-for-business-applications.md
@@ -2,10 +2,13 @@

 !!! question "Using Traefik for Business Applications?"

-    If you are using Traefik in your organization, consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/). You can use it as your:
+    If you are using Traefik in your organization, consider our enterprise-grade solutions:

-    - [API Gateway](https://traefik.io/solutions/api-gateway/)
-    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
-    - [Docker Swarm Ingress Controller](https://traefik.io/solutions/docker-swarm-ingress/)
+    - API Management  
+      [Explore](https://traefik.io/solutions/api-management/) // [Watch Demo Video](https://info.traefik.io/watch-traefik-hub-demo)
+    - API Gateway  
+      [Explore](https://traefik.io/solutions/api-gateway/) // [Watch Demo Video](https://info.traefik.io/watch-traefikee-demo)
+    - Ingress Controller  
+      [Kubernetes](https://traefik.io/solutions/kubernetes-ingress/) // [Docker Swarm](https://traefik.io/solutions/docker-swarm-ingress/)

-    Traefik Enterprise simplifies the discovery, security, and deployment of APIs and microservices across any environment. See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo).
+    These tools help businesses discover, deploy, secure, and manage microservices and APIs easily, at scale, across any environment.
--- a/docs/content/index.md
+++ b/docs/content/index.md
@@ -18,13 +18,13 @@ Traefik is natively compliant with every major cluster technology, such as Kuber
 With Traefik, there is no need to maintain and synchronize a separate configuration file: everything happens automatically, in real time (no restarts, no connection interruptions).
 With Traefik, you spend time developing and deploying new features to your system, not on configuring and maintaining its working state.   

-Developing Traefik, our main goal is to make it simple to use, and we're sure you'll enjoy it.
+Developing Traefik, our main goal is to make it effortless to use, and we're sure you'll enjoy it.

 -- The Traefik Maintainer Team 

 !!! info

-    Join our user friendly and active [Community Forum]((https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the traefik community.
+    Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the traefik community.

    Using Traefik in your organization? Consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/ "Lino to Traefik Enterprise"), our unified API Gateway and Ingress that simplifies the discovery, security, and deployment of APIs and microservices across any environment.

--- a/docs/content/middlewares/http/basicauth.md
+++ b/docs/content/middlewares/http/basicauth.md
@@ -10,7 +10,7 @@ Adding Basic Authentication

 ![BasicAuth](../../assets/img/middleware/basicauth.png)

-The BasicAuth middleware restricts access to your services to known users.
+The BasicAuth middleware grants access to services to authorized users only.

 ## Configuration Examples

--- a/docs/content/middlewares/http/digestauth.md
+++ b/docs/content/middlewares/http/digestauth.md
@@ -10,7 +10,7 @@ Adding Digest Authentication

 ![BasicAuth](../../assets/img/middleware/digestauth.png)

-The DigestAuth middleware restricts access to your services to known users.
+The DigestAuth middleware grants access to services to authorized users only.

 ## Configuration Examples

--- a/docs/content/middlewares/http/errorpages.md
+++ b/docs/content/middlewares/http/errorpages.md
@@ -21,7 +21,7 @@ The Errors middleware returns a custom page in lieu of the default, according to
 ```yaml tab="Docker"
 # Dynamic Custom Error Page for 5XX Status Code
 labels:
-  - "traefik.http.middlewares.test-errors.errors.status=500-599"
+  - "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599"
  - "traefik.http.middlewares.test-errors.errors.service=serviceError"
  - "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
 ```
@@ -34,7 +34,10 @@ metadata:
 spec:
  errors:
    status:
-      - "500-599"
+      - "500"
+      - "501"
+      - "503"
+      - "505-599"
    query: /{status}.html
    service:
      name: whoami
@@ -42,36 +45,39 @@ spec:
 ```

 ```yaml tab="Consul Catalog"
-# Dynamic Custom Error Page for 5XX Status Code
- "traefik.http.middlewares.test-errors.errors.status=500-599"
+# Dynamic Custom Error Page for 5XX Status Code excluding 502 and 504
+- "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599"
 - "traefik.http.middlewares.test-errors.errors.service=serviceError"
 - "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
 ```

 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-errors.errors.status": "500-599",
+  "traefik.http.middlewares.test-errors.errors.status": "500,501,503,505-599",
  "traefik.http.middlewares.test-errors.errors.service": "serviceError",
  "traefik.http.middlewares.test-errors.errors.query": "/{status}.html"
 }
 ```

 ```yaml tab="Rancher"
-# Dynamic Custom Error Page for 5XX Status Code
+# Dynamic Custom Error Page for 5XX Status Code excluding 502 and 504
 labels:
-  - "traefik.http.middlewares.test-errors.errors.status=500-599"
+  - "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599"
  - "traefik.http.middlewares.test-errors.errors.service=serviceError"
  - "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
 ```

 ```yaml tab="File (YAML)"
-# Custom Error Page for 5XX
+# Dynamic Custom Error Page for 5XX Status Code excluding 502 and 504
 http:
  middlewares:
    test-errors:
      errors:
        status:
-          - "500-599"
+          - "500"
+          - "501"
+          - "503"
+          - "505-599"
        service: serviceError
        query: "/{status}.html"

@@ -80,10 +86,10 @@ http:
 ```

 ```toml tab="File (TOML)"
-# Custom Error Page for 5XX
+# Dynamic Custom Error Page for 5XX Status Code excluding 502 and 504
 [http.middlewares]
  [http.middlewares.test-errors.errors]
-    status = ["500-599"]
+    status = ["500","501","503","505-599"]
    service = "serviceError"
    query = "/{status}.html"

@@ -101,14 +107,16 @@ http:

 The `status` option defines which status or range of statuses should result in an error page.

-The status code ranges are inclusive (`500-599` will trigger with every code between `500` and `599`, `500` and `599` included).
+The status code ranges are inclusive (`505-599` will trigger with every code between `505` and `599`, `505` and `599` included).

 !!! note ""

    You can define either a status code as a number (`500`),
    as multiple comma-separated numbers (`500,502`),
-    as ranges by separating two codes with a dash (`500-599`),
-    or a combination of the two (`404,418,500-599`).
+    as ranges by separating two codes with a dash (`505-599`),
+    or a combination of the two (`404,418,505-599`).
+    The comma-separated syntax is only available for label-based providers.
+    The examples above demonstrate which syntax is appropriate for each provider.

 ### `service`

--- a/docs/content/middlewares/http/headers.md
+++ b/docs/content/middlewares/http/headers.md
@@ -231,7 +231,8 @@ spec:
      - "GET"
      - "OPTIONS"
      - "PUT"
-    accessControlAllowHeaders: "*"
+    accessControlAllowHeaders:
+      - "*"
    accessControlAllowOriginList:
      - "https://foo.bar.org"
      - "https://example.org"
@@ -286,8 +287,8 @@ http:
 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.testHeader.headers]
-    accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
-    accessControlAllowHeaders= "*"
+    accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
+    accessControlAllowHeaders = [ "*" ]
    accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
    accessControlMaxAge = 100
    addVaryHeader = true
--- a/docs/content/middlewares/http/ipallowlist.md
+++ b/docs/content/middlewares/http/ipallowlist.md
@@ -0,0 +1,246 @@
+---
+title: "Traefik HTTP Middlewares IPAllowList"
+description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
+---
+
+# IPAllowList
+
+Limiting Clients to Specific IPs
+{: .subtitle }
+
+IPAllowList limits allowed requests based on the client IP.
+
+## Configuration Examples
+
+```yaml tab="Docker"
+# Accepts request from defined IP
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.1.7
+```
+
+```yaml tab="Consul Catalog"
+# Accepts request from defined IP
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
+}
+```
+
+```yaml tab="Rancher"
+# Accepts request from defined IP
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="File (YAML)"
+# Accepts request from defined IP
+http:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.1.7"
+```
+
+```toml tab="File (TOML)"
+# Accepts request from defined IP
+[http.middlewares]
+  [http.middlewares.test-ipallowlist.ipAllowList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.7"]
+```
+
+## Configuration Options
+
+### `sourceRange`
+
+_Required_
+
+The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
+
+### `ipStrategy`
+
+The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`.  
+If no strategy is set, the default behavior is to match `sourceRange` against the Remote address found in the request.
+
+!!! important "As a middleware, whitelisting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through whitelisting. Therefore, during whitelisting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be matched against `sourceRange`."
+
+#### `ipStrategy.depth`
+
+The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
+
+- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
+- `depth` is ignored if its value is less than or equal to 0.
+
+!!! example "Examples of Depth & X-Forwarded-For"
+
+    If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
+
+    | `X-Forwarded-For`                       | `depth` | clientIP     |
+    |-----------------------------------------|---------|--------------|
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1`     | `"13.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
+
+```yaml tab="Docker"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
+```
+
+```yaml tab="Kubernetes"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.1.7
+    ipStrategy:
+      depth: 2
+```
+
+```yaml tab="Consul Catalog"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
+}
+```
+
+```yaml tab="Rancher"
+# Whitelisting Based on `X-Forwarded-For` with `depth=2`
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
+```
+
+```yaml tab="File (YAML)"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+http:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.1.7"
+        ipStrategy:
+          depth: 2
+```
+
+```toml tab="File (TOML)"
+# Allowlisting Based on `X-Forwarded-For` with `depth=2`
+[http.middlewares]
+  [http.middlewares.test-ipallowlist.ipAllowList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.7"]
+    [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
+      depth = 2
+```
+
+#### `ipStrategy.excludedIPs`
+
+`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
+
+!!! important "If `depth` is specified, `excludedIPs` is ignored."
+
+!!! example "Example of ExcludedIPs & X-Forwarded-For"
+
+    | `X-Forwarded-For`                       | `excludedIPs`         | clientIP     |
+    |-----------------------------------------|-----------------------|--------------|
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
+    | `"10.0.0.1,11.0.0.1"`                   | `"10.0.0.1,11.0.0.1"` | `""`         |
+
+```yaml tab="Docker"
+# Exclude from `X-Forwarded-For`
+labels:
+    - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
+    - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="Kubernetes"
+# Exclude from `X-Forwarded-For`
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.1.0/24
+    ipStrategy:
+      excludedIPs:
+        - 127.0.0.1/32
+        - 192.168.1.7
+```
+
+```yaml tab="Consul Catalog"
+# Exclude from `X-Forwarded-For`
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
+  "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
+}
+```
+
+```yaml tab="Rancher"
+# Exclude from `X-Forwarded-For`
+labels:
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
+  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="File (YAML)"
+# Exclude from `X-Forwarded-For`
+http:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        sourceRange:
+         - 127.0.0.1/32
+         - 192.168.1.0/24
+        ipStrategy:
+          excludedIPs:
+            - 127.0.0.1/32
+            - 192.168.1.7
+```
+
+```toml tab="File (TOML)"
+# Exclude from `X-Forwarded-For`
+[http.middlewares]
+  [http.middlewares.test-ipallowlist.ipAllowList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
+    [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
+      excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
+```
--- a/docs/content/middlewares/http/ipwhitelist.md
+++ b/docs/content/middlewares/http/ipwhitelist.md
@@ -8,9 +8,13 @@ description: "Learn how to use IPWhiteList in HTTP middleware for limiting clien
 Limiting Clients to Specific IPs
 {: .subtitle }

-![IpWhiteList](../../assets/img/middleware/ipwhitelist.png)
+![IPWhiteList](../../assets/img/middleware/ipwhitelist.png)

-IPWhitelist accepts / refuses requests based on the client IP.
+IPWhiteList limits allowed requests based on the client IP.
+
+!!! warning
+
+    This middleware is deprecated, please use the [IPAllowList](./ipallowlist.md) middleware instead.

 ## Configuration Examples

@@ -71,6 +75,8 @@ http:

 ### `sourceRange`

+_Required_
+
 The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).

 ### `ipStrategy`
@@ -180,6 +186,7 @@ http:
 ```yaml tab="Docker"
 # Exclude from `X-Forwarded-For`
 labels:
+    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
    - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```

@@ -192,6 +199,9 @@ metadata:
 spec:
  ipWhiteList:
    ipStrategy:
+      sourceRange:
+        - 127.0.0.1/32
+        - 192.168.1.0/24
      excludedIPs:
        - 127.0.0.1/32
        - 192.168.1.7
@@ -199,11 +209,13 @@ spec:

 ```yaml tab="Consul Catalog"
 # Exclude from `X-Forwarded-For`
+- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
 - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```

 ```json tab="Marathon"
 "labels": {
+  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
  "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
 }
 ```
@@ -211,6 +223,7 @@ spec:
 ```yaml tab="Rancher"
 # Exclude from `X-Forwarded-For`
 labels:
+  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
  - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```

@@ -220,16 +233,20 @@ http:
  middlewares:
    test-ipwhitelist:
      ipWhiteList:
+        sourceRange:
+          - 127.0.0.1/32
+          - 192.168.1.0/24
        ipStrategy:
          excludedIPs:
-            - "127.0.0.1/32"
-            - "192.168.1.7"
+            - 127.0.0.1/32
+            - 192.168.1.7
 ```

 ```toml tab="File (TOML)"
 # Exclude from `X-Forwarded-For`
 [http.middlewares]
  [http.middlewares.test-ipwhitelist.ipWhiteList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
    [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
      excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
 ```
--- a/docs/content/middlewares/http/ratelimit.md
+++ b/docs/content/middlewares/http/ratelimit.md
@@ -16,15 +16,15 @@ It is based on a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) impl

 ```yaml tab="Docker"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
-  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
+  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=200"
 ```

 ```yaml tab="Kubernetes"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
@@ -32,12 +32,12 @@ metadata:
 spec:
  rateLimit:
    average: 100
-    burst: 50
+    burst: 200
 ```

 ```yaml tab="Consul Catalog"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
 - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
 ```
@@ -45,36 +45,36 @@ spec:
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
-  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "50"
+  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "200"
 }
 ```

 ```yaml tab="Rancher"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
-  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
+  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=200"
 ```

 ```yaml tab="File (YAML)"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 http:
  middlewares:
    test-ratelimit:
      rateLimit:
        average: 100
-        burst: 50
+        burst: 200
 ```

 ```toml tab="File (TOML)"
 # Here, an average of 100 requests per second is allowed.
-# In addition, a burst of 50 requests is allowed.
+# In addition, a burst of 200 requests is allowed.
 [http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    average = 100
-    burst = 50
+    burst = 200
 ```

 ## Configuration Options
--- a/docs/content/middlewares/tcp/ipallowlist.md
+++ b/docs/content/middlewares/tcp/ipallowlist.md
@@ -0,0 +1,60 @@
+---
+title: "Traefik TCP Middlewares IPAllowList"
+description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
+---
+
+# IPAllowList
+
+Limiting Clients to Specific IPs
+{: .subtitle }
+
+IPAllowList limits allowed requests based on the client IP.
+
+## Configuration Examples
+
+```yaml tab="Docker & Swarm"
+# Accepts connections from defined IP
+labels:
+  - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.io/v1alpha1
+kind: MiddlewareTCP
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    sourceRange:
+      - 127.0.0.1/32
+      - 192.168.1.7
+```
+
+```yaml tab="Consul Catalog"
+# Accepts request from defined IP
+- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
+```
+
+```toml tab="File (TOML)"
+# Accepts request from defined IP
+[tcp.middlewares]
+  [tcp.middlewares.test-ipallowlist.ipAllowList]
+    sourceRange = ["127.0.0.1/32", "192.168.1.7"]
+```
+
+```yaml tab="File (YAML)"
+# Accepts request from defined IP
+tcp:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.1.7"
+```
+
+## Configuration Options
+
+### `sourceRange`
+
+The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
--- a/docs/content/middlewares/tcp/ipwhitelist.md
+++ b/docs/content/middlewares/tcp/ipwhitelist.md
@@ -8,7 +8,11 @@ description: "Learn how to use IPWhiteList in TCP middleware for limiting client
 Limiting Clients to Specific IPs
 {: .subtitle }

-IPWhitelist accepts / refuses connections based on the client IP.
+IPWhiteList accepts / refuses connections based on the client IP.
+
+!!! warning
+
+    This middleware is deprecated, please use the [IPAllowList](./ipallowlist.md) middleware instead.

 ## Configuration Examples

--- a/docs/content/migration/v1-to-v2.md
+++ b/docs/content/migration/v1-to-v2.md
@@ -23,7 +23,7 @@ feature by feature, of how the configuration looked like in v1, and how it now l
    - convert `acme.json` file from v1 to v2 format.
    - migrate the static configuration contained in the file `traefik.toml` to a Traefik v2 file.

-## Frontends and Backends Are Dead... <br/>... Long Live Routers, Middlewares, and Services
+## Frontends and Backends Are Dead, Long Live Routers, Middlewares, and Services

 During the transition from v1 to v2, a number of internal pieces and components of Traefik were rewritten and reorganized.
 As such, the combination of core notions such as frontends and backends has been replaced with the combination of [routers](../routing/routers/index.md), [services](../routing/services/index.md), and [middlewares](../middlewares/overview.md).
@@ -542,7 +542,7 @@ To apply a redirection:
 ## Strip and Rewrite Path Prefixes

 With the new core notions of v2 (introduced earlier in the section
-["Frontends and Backends Are Dead... Long Live Routers, Middlewares, and Services"](#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services)),
+["Frontends and Backends Are Dead, Long Live Routers, Middlewares, and Services"](#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services)),
 transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md),
 after the routing step with [router rule `PathPrefix`](../routing/routers/index.md#rule).

--- a/docs/content/migration/v2.md
+++ b/docs/content/migration/v2.md
@@ -522,4 +522,90 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/co

 ### Traefik Hub

-In `v2.10`, Traefik Hub is GA and the `experimental.hub` flag is deprecated.
+In `v2.10`, Traefik Hub configuration has been removed because Traefik Hub v2 doesn't require this configuration.
+
+## v2.11
+
+### IPWhiteList (HTTP)
+
+In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/http/ipallowlist.md) middleware instead.
+
+### IPWhiteList (TCP)
+
+In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead.
+
+### TLS CipherSuites
+
+> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
+> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting.
+> (https://go.dev/doc/go1.22#crypto/tls)
+
+The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin).
+Decision has been made to support ECDHE cipher suites only by default.
+
+The following ciphers have been removed from the default list:
+
+- `TLS_RSA_WITH_AES_128_CBC_SHA`
+- `TLS_RSA_WITH_AES_256_CBC_SHA`
+- `TLS_RSA_WITH_AES_128_GCM_SHA256`
+- `TLS_RSA_WITH_AES_256_GCM_SHA384`
+
+To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`.
+
+### Minimum TLS Version
+
+> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion,
+> matching the behavior of crypto/tls clients.
+> This change can be reverted with the `tls10server=1 GODEBUG` setting.
+> (https://go.dev/doc/go1.22#crypto/tls)
+
+To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.
+
+## v2.11.1
+
+### Maximum Router Priority Value
+
+Before v2.11.1, the maximum user-defined router priority value is:
+
+- `MaxInt32` for 32-bit platforms,
+- `MaxInt64` for 64-bit platforms.
+
+Please check out the [go documentation](https://pkg.go.dev/math#pkg-constants) for more information.
+
+In v2.11.1, Traefik reserves a range of priorities for its internal routers and now, 
+the maximum user-defined router priority value is:
+
+- `(MaxInt32 - 1000)` for 32-bit platforms,
+- `(MaxInt64 - 1000)` for 64-bit platforms.
+
+### <EntryPoint>.Transport.RespondingTimeouts.<Timeout>
+
+Starting with `v2.11.1` the following timeout options are deprecated:
+
+- `<entryPoint>.transport.respondingTimeouts.readTimeout`
+- `<entryPoint>.transport.respondingTimeouts.writeTimeout`
+- `<entryPoint>.transport.respondingTimeouts.idleTimeout`
+
+They have been replaced by:
+
+- `<entryPoint>.transport.respondingTimeouts.http.readTimeout`
+- `<entryPoint>.transport.respondingTimeouts.http.writeTimeout`
+- `<entryPoint>.transport.respondingTimeouts.http.idleTimeout`
+
+### <EntryPoint>.Transport.RespondingTimeouts.TCP.LingeringTimeout
+
+Starting with `v2.11.1` a new `lingeringTimeout` entryPoints option has been introduced, with a default value of 2s.
+
+The lingering timeout defines the maximum duration between each TCP read operation on the connection.
+As a layer 4 timeout, it applies during HTTP handling but respects the configured HTTP server `readTimeout`.
+
+This change avoids Traefik instances with the default configuration hanging while waiting for bytes to be read on the connection.
+
+We suggest to adapt this value accordingly to your situation.
+The new default value is purposely narrowed and can close the connection too early.
+
+Increasing the `lingeringTimeout` value could be the solution notably if you are dealing with the following errors:
+
+- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
+- HTTP: `'499 Client Closed Request' caused by: context canceled`
+- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
--- a/docs/content/observability/access-logs.md
+++ b/docs/content/observability/access-logs.md
@@ -54,7 +54,7 @@ If the given format is unsupported, the default (CLF) is used instead.
 !!! info "Common Log Format"

    ```html
-    <remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
+    <remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <HTTP_status> <content-length> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
    ```

 ### `bufferingSize`
@@ -154,9 +154,9 @@ accessLog:
    headers:
      defaultMode: keep
      names:
-          User-Agent: redact
-          Authorization: drop
-          Content-Type: keep
+        User-Agent: redact
+        Authorization: drop
+        Content-Type: keep
 ```

 ```toml tab="File (TOML)"
@@ -218,7 +218,7 @@ accessLog:
    | `RequestContentSize`    | The number of bytes in the request entity (a.k.a. body) sent by the client.                                                                                         |
    | `OriginDuration`        | The time taken (in nanoseconds) by the origin server ('upstream') to return its response.                                                                           |
    | `OriginContentSize`     | The content length specified by the origin server, or 0 if unspecified.                                                                                             |
-    | `OriginStatus`          | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent.     |
+    | `OriginStatus`          | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent (0). |
    | `OriginStatusLine`      | `OriginStatus` + Status code explanation                                                                                                                            |
    | `DownstreamStatus`      | The HTTP status code returned to the client.                                                                                                                        |
    | `DownstreamStatusLine`  | `DownstreamStatus` + Status code explanation                                                                                                                        |
@@ -254,7 +254,7 @@ version: "3.7"

 services:
  traefik:
-    image: traefik:v2.10
+    image: traefik:v2.11
    environment:
      - TZ=US/Alaska
    command:
--- a/docs/content/observability/metrics/prometheus.md
+++ b/docs/content/observability/metrics/prometheus.md
@@ -227,4 +227,12 @@ The following metric is produced :

 ```bash
 traefik_entrypoint_requests_total{code="200",entrypoint="web",method="GET",protocol="http",useragent="foobar"} 1
-```
+```
+
+!!! info "`Host` header value"
+
+    The `Host` header is never present in the Header map of a request, as per go documentation says:
+    // For incoming requests, the Host header is promoted to the
+    // Request.Host field and removed from the Header map.
+
+    As a workaround, to obtain the Host of a request as a label, one should use instead the `X-Forwarded-Host` header.
--- a/docs/content/observability/metrics/statsd.md
+++ b/docs/content/observability/metrics/statsd.md
@@ -69,7 +69,7 @@ metrics:

 _Optional, Default=false_

-Enable metrics on entry points.
+Enable metrics on routers.

 ```yaml tab="File (YAML)"
 metrics:
--- a/docs/content/operations/dashboard.md
+++ b/docs/content/operations/dashboard.md
@@ -71,11 +71,11 @@ with a router attached to the service `api@internal` in the
 to allow defining:

 - One or more security features through [middlewares](../middlewares/overview.md)
-  like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
+  like authentication ([basicAuth](../middlewares/http/basicauth.md), [digestAuth](../middlewares/http/digestauth.md),
  [forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md).

 - A [router rule](#dashboard-router-rule) for accessing the dashboard,
-  through Traefik itself (sometimes referred as "Traefik-ception").
+  through Traefik itself (sometimes referred to as "Traefik-ception").

 ### Dashboard Router Rule

@@ -83,7 +83,7 @@ As underlined in the [documentation for the `api.dashboard` option](./api.md#das
 the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
 the path prefixes `/api` and `/dashboard`.

-We recommend to use a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
+We recommend using a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
 or to make sure that the defined rule captures both prefixes:

 ```bash tab="Host Rule"
--- a/docs/content/operations/ping.md
+++ b/docs/content/operations/ping.md
@@ -33,7 +33,7 @@ whose default value is `traefik` (port `8080`).

 | Path    | Method        | Description                                                                                         |
 |---------|---------------|-----------------------------------------------------------------------------------------------------|
-| `/ping` | `GET`, `HEAD` | A simple endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
+| `/ping` | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |

 !!! note
    The `cli` comes with a [`healthcheck`](./cli.md#healthcheck) command which can be used for calling this endpoint.
@@ -92,10 +92,11 @@ ping:
 _Optional, Default=503_

 During the period in which Traefik is gracefully shutting down, the ping handler
-returns a 503 status code by default. If Traefik is behind e.g. a load-balancer
+returns a `503` status code by default.  
+If Traefik is behind, for example a load-balancer
 doing health checks (such as the Kubernetes LivenessProbe), another code might
-be expected as the signal for graceful termination. In which case, the
-terminatingStatusCode can be used to set the code returned by the ping
+be expected as the signal for graceful termination.  
+In that case, the terminatingStatusCode can be used to set the code returned by the ping
 handler during termination.

 ```yaml tab="File (YAML)"
--- a/docs/content/providers/consul-catalog.md
+++ b/docs/content/providers/consul-catalog.md
@@ -529,6 +529,13 @@ providers:
 # ...
 ```

+??? info "Default rule and Traefik service"
+
+    The exposure of the Traefik container, combined with the default rule mechanism,
+    can lead to create a router targeting itself in a loop.
+    In this case, to prevent an infinite loop,
+    Traefik adds an internal middleware to refuse the request if it comes from the same router.
+
 ### `connectAware`

 _Optional, Default=false_
--- a/docs/content/providers/docker.md
+++ b/docs/content/providers/docker.md
@@ -254,7 +254,9 @@ services:

 _Required, Default="unix:///var/run/docker.sock"_

+<!-- markdownlint-disable MD051 -->
 See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API Access](#docker-api-access_1) for more information.
+<!-- markdownlint-restore -->

 ??? example "Using the docker.sock"

@@ -265,7 +267,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A

    services:
      traefik:
-         image: traefik:v2.10 # The official v2 Traefik docker image
+         image: traefik:v2.11 # The official v2 Traefik docker image
         ports:
           - "80:80"
         volumes:
@@ -294,9 +296,9 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A

 ??? example "Using SSH"

-    Using Docker 18.09+ you can connect Traefik to daemon using SSH
+    Using Docker 18.09+ you can connect Traefik to daemon using SSH.
    We specify the SSH host and user in Traefik's configuration file.
-    Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik.
+    Note that if the server requires public keys for authentication, you must have them accessible for the user running Traefik.

    ```yaml tab="File (YAML)"
    providers:
@@ -464,6 +466,13 @@ providers:
 # ...
 ```

+??? info "Default rule and Traefik service"
+
+    The exposure of the Traefik container, combined with the default rule mechanism,
+    can lead to create a router targeting itself in a loop.
+    In this case, to prevent an infinite loop,
+    Traefik adds an internal middleware to refuse the request if it comes from the same router.
+
 ### `swarmMode`

 _Optional, Default=false_
--- a/docs/content/providers/ecs.md
+++ b/docs/content/providers/ecs.md
@@ -263,6 +263,13 @@ providers:
 # ...
 ```

+??? info "Default rule and Traefik service"
+
+    The exposure of the Traefik container, combined with the default rule mechanism,
+    can lead to create a router targeting itself in a loop.
+    In this case, to prevent an infinite loop,
+    Traefik adds an internal middleware to refuse the request if it comes from the same router.
+
 ### `refreshSeconds`

 _Optional, Default=15_
--- a/docs/content/providers/kubernetes-crd.md
+++ b/docs/content/providers/kubernetes-crd.md
@@ -35,10 +35,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku

    ```bash
    # Install Traefik Resource Definitions:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
    
    # Install RBAC for Traefik:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
    ```

 ## Resource Configuration
--- a/docs/content/providers/kubernetes-gateway.md
+++ b/docs/content/providers/kubernetes-gateway.md
@@ -268,3 +268,5 @@ providers:
 ```bash tab="CLI"
 --providers.kubernetesgateway.throttleDuration=10s
 ```
+
+{!traefik-for-business-applications.md!}
--- a/docs/content/providers/kubernetes-ingress.md
+++ b/docs/content/providers/kubernetes-ingress.md
@@ -502,6 +502,6 @@ providers:
 ### Further

 To learn more about the various aspects of the Ingress specification that Traefik supports,
-many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.10/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.11/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

 {!traefik-for-business-applications.md!}
--- a/docs/content/providers/marathon.md
+++ b/docs/content/providers/marathon.md
@@ -142,6 +142,13 @@ providers:
 # ...
 ```

+??? info "Default rule and Traefik service"
+
+    The exposure of the Traefik container, combined with the default rule mechanism,
+    can lead to create a router targeting itself in a loop.
+    In this case, to prevent an infinite loop,
+    Traefik adds an internal middleware to refuse the request if it comes from the same router.
+
 ### `dialerTimeout`

 _Optional, Default=5s_
--- a/docs/content/providers/nomad.md
+++ b/docs/content/providers/nomad.md
@@ -163,6 +163,7 @@ providers:
 _Optional, Default=""_

 Token is used to provide a per-request ACL token, if Nomad ACLs are enabled.
+The appropriate ACL privilege for this token is 'read-job', as outlined in the [Nomad documentation on ACL](https://developer.hashicorp.com/nomad/tutorials/access-control/access-control-policies).

 ```yaml tab="File (YAML)"
 providers:
@@ -377,6 +378,13 @@ providers:
 # ...
 ```

+??? info "Default rule and Traefik service"
+
+    The exposure of the Traefik container, combined with the default rule mechanism,
+    can lead to create a router targeting itself in a loop.
+    In this case, to prevent an infinite loop,
+    Traefik adds an internal middleware to refuse the request if it comes from the same router.
+
 ### `constraints`

 _Optional, Default=""_
--- a/docs/content/providers/rancher.md
+++ b/docs/content/providers/rancher.md
@@ -125,6 +125,13 @@ providers:
 # ...
 ```

+??? info "Default rule and Traefik service"
+
+    The exposure of the Traefik container, combined with the default rule mechanism,
+    can lead to create a router targeting itself in a loop.
+    In this case, to prevent an infinite loop,
+    Traefik adds an internal middleware to refuse the request if it comes from the same router.
+
 ### `enableServiceHealthFilter`

 _Optional, Default=true_
--- a/docs/content/providers/redis.md
+++ b/docs/content/providers/redis.md
@@ -105,6 +105,28 @@ providers:
 --providers.redis.password=foo
 ```

+### `db`
+
+_Optional, Default=0_
+
+Defines the database to be selected after connecting to the Redis.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    # ...
+    db: 0
+```
+
+```toml tab="File (TOML)"
+[providers.redis]
+  db = 0
+```
+
+```bash tab="CLI"
+--providers.redis.db=0
+```
+
 ### `tls`

 _Optional_
@@ -207,3 +229,166 @@ providers:
 ```bash tab="CLI"
 --providers.redis.tls.insecureSkipVerify=true
 ```
+
+### `sentinel`
+
+_Optional_
+
+Defines the Sentinel configuration used to interact with Redis Sentinel.
+
+#### `masterName`
+
+_Required_
+
+`masterName` is the name of the Sentinel master.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      masterName: my-master
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+  masterName = "my-master"
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.masterName=my-master
+```
+
+#### `username`
+
+_Optional_
+
+`username` is the username for Sentinel authentication.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      username: user
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+  username = "user"
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.username=user
+```
+
+#### `password`
+
+_Optional_
+
+`password` is the password for Sentinel authentication.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      password: password
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+  password = "password"
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.password=password
+```
+
+#### `latencyStrategy`
+
+_Optional, Default=false_
+
+`latencyStrategy` defines whether to route commands to the closest master or replica nodes 
+(mutually exclusive with RandomStrategy and ReplicaStrategy).
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      latencyStrategy: true
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+latencyStrategy = true
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.latencyStrategy=true
+```
+
+#### `randomStrategy`
+
+_Optional, Default=false_
+
+`randomStrategy` defines whether to route commands randomly to master or replica nodes 
+(mutually exclusive with LatencyStrategy and ReplicaStrategy).
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      randomStrategy: true
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+randomStrategy = true
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.randomStrategy=true
+```
+
+#### `replicaStrategy`
+
+_Optional, Default=false_
+
+`replicaStrategy` Defines whether to route all commands to replica nodes 
+(mutually exclusive with LatencyStrategy and RandomStrategy).
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      replicaStrategy: true
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+replicaStrategy = true
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.replicaStrategy=true
+```
+
+#### `useDisconnectedReplicas`
+
+_Optional, Default=false_
+
+`useDisconnectedReplicas` defines whether to use replicas disconnected with master when cannot get connected replicas.
+
+```yaml tab="File (YAML)"
+providers:
+  redis:
+    sentinel:
+      useDisconnectedReplicas: true
+```
+
+```toml tab="File (TOML)"
+[providers.redis.sentinel]
+useDisconnectedReplicas = true
+```
+
+```bash tab="CLI"
+--providers.redis.sentinel.useDisconnectedReplicas=true
+```
--- a/docs/content/reference/dynamic-configuration/docker-labels.yml
+++ b/docs/content/reference/dynamic-configuration/docker-labels.yml
@@ -1,126 +1,136 @@
- "traefik.http.middlewares.middleware00.addprefix.prefix=foobar"
- "traefik.http.middlewares.middleware01.basicauth.headerfield=foobar"
- "traefik.http.middlewares.middleware01.basicauth.realm=foobar"
- "traefik.http.middlewares.middleware01.basicauth.removeheader=true"
- "traefik.http.middlewares.middleware01.basicauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware01.basicauth.usersfile=foobar"
- "traefik.http.middlewares.middleware02.buffering.maxrequestbodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.maxresponsebodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.memrequestbodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.memresponsebodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.retryexpression=foobar"
- "traefik.http.middlewares.middleware03.chain.middlewares=foobar, foobar"
- "traefik.http.middlewares.middleware04.circuitbreaker.expression=foobar"
- "traefik.http.middlewares.middleware04.circuitbreaker.checkperiod=42s"
- "traefik.http.middlewares.middleware04.circuitbreaker.fallbackduration=42s"
- "traefik.http.middlewares.middleware04.circuitbreaker.recoveryduration=42s"
- "traefik.http.middlewares.middleware05.compress=true"
- "traefik.http.middlewares.middleware05.compress.excludedcontenttypes=foobar, foobar"
- "traefik.http.middlewares.middleware05.compress.minresponsebodybytes=42"
- "traefik.http.middlewares.middleware06.contenttype.autodetect=true"
- "traefik.http.middlewares.middleware07.digestauth.headerfield=foobar"
- "traefik.http.middlewares.middleware07.digestauth.realm=foobar"
- "traefik.http.middlewares.middleware07.digestauth.removeheader=true"
- "traefik.http.middlewares.middleware07.digestauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware07.digestauth.usersfile=foobar"
- "traefik.http.middlewares.middleware08.errors.query=foobar"
- "traefik.http.middlewares.middleware08.errors.service=foobar"
- "traefik.http.middlewares.middleware08.errors.status=foobar, foobar"
- "traefik.http.middlewares.middleware09.forwardauth.address=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.middleware10.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlist=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlistregex=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolmaxage=42"
- "traefik.http.middlewares.middleware10.headers.addvaryheader=true"
- "traefik.http.middlewares.middleware10.headers.allowedhosts=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.browserxssfilter=true"
- "traefik.http.middlewares.middleware10.headers.contentsecuritypolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.contenttypenosniff=true"
- "traefik.http.middlewares.middleware10.headers.custombrowserxssvalue=foobar"
- "traefik.http.middlewares.middleware10.headers.customframeoptionsvalue=foobar"
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware10.headers.framedeny=true"
- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.isdevelopment=true"
- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.publickey=foobar"
- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware10.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.sslredirect=true"
- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware10.headers.stspreload=true"
- "traefik.http.middlewares.middleware10.headers.stsseconds=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware12.inflightreq.amount=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.serialnumber=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organizationalunit=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.pem=true"
- "traefik.http.middlewares.middleware14.plugin.foobar.foo=bar"
- "traefik.http.middlewares.middleware15.ratelimit.average=42"
- "traefik.http.middlewares.middleware15.ratelimit.burst=42"
- "traefik.http.middlewares.middleware15.ratelimit.period=42"
- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware16.redirectregex.permanent=true"
- "traefik.http.middlewares.middleware16.redirectregex.regex=foobar"
- "traefik.http.middlewares.middleware16.redirectregex.replacement=foobar"
- "traefik.http.middlewares.middleware17.redirectscheme.permanent=true"
- "traefik.http.middlewares.middleware17.redirectscheme.port=foobar"
- "traefik.http.middlewares.middleware17.redirectscheme.scheme=foobar"
- "traefik.http.middlewares.middleware18.replacepath.path=foobar"
- "traefik.http.middlewares.middleware19.replacepathregex.regex=foobar"
- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware20.retry.attempts=42"
- "traefik.http.middlewares.middleware20.retry.initialinterval=42"
- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
+## CODE GENERATED AUTOMATICALLY
+## THIS FILE MUST NOT BE EDITED BY HAND
+- "traefik.http.middlewares.middleware01.addprefix.prefix=foobar"
+- "traefik.http.middlewares.middleware02.basicauth.headerfield=foobar"
+- "traefik.http.middlewares.middleware02.basicauth.realm=foobar"
+- "traefik.http.middlewares.middleware02.basicauth.removeheader=true"
+- "traefik.http.middlewares.middleware02.basicauth.users=foobar, foobar"
+- "traefik.http.middlewares.middleware02.basicauth.usersfile=foobar"
+- "traefik.http.middlewares.middleware03.buffering.maxrequestbodybytes=42"
+- "traefik.http.middlewares.middleware03.buffering.maxresponsebodybytes=42"
+- "traefik.http.middlewares.middleware03.buffering.memrequestbodybytes=42"
+- "traefik.http.middlewares.middleware03.buffering.memresponsebodybytes=42"
+- "traefik.http.middlewares.middleware03.buffering.retryexpression=foobar"
+- "traefik.http.middlewares.middleware04.chain.middlewares=foobar, foobar"
+- "traefik.http.middlewares.middleware05.circuitbreaker.checkperiod=42s"
+- "traefik.http.middlewares.middleware05.circuitbreaker.expression=foobar"
+- "traefik.http.middlewares.middleware05.circuitbreaker.fallbackduration=42s"
+- "traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration=42s"
+- "traefik.http.middlewares.middleware06.compress=true"
+- "traefik.http.middlewares.middleware06.compress.excludedcontenttypes=foobar, foobar"
+- "traefik.http.middlewares.middleware06.compress.minresponsebodybytes=42"
+- "traefik.http.middlewares.middleware07.contenttype.autodetect=true"
+- "traefik.http.middlewares.middleware08.digestauth.headerfield=foobar"
+- "traefik.http.middlewares.middleware08.digestauth.realm=foobar"
+- "traefik.http.middlewares.middleware08.digestauth.removeheader=true"
+- "traefik.http.middlewares.middleware08.digestauth.users=foobar, foobar"
+- "traefik.http.middlewares.middleware08.digestauth.usersfile=foobar"
+- "traefik.http.middlewares.middleware09.errors.query=foobar"
+- "traefik.http.middlewares.middleware09.errors.service=foobar"
+- "traefik.http.middlewares.middleware09.errors.status=foobar, foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.address=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.authrequestheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.authresponseheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.ca=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.caoptional=true"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.cert=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.insecureskipverify=true"
+- "traefik.http.middlewares.middleware10.forwardauth.tls.key=foobar"
+- "traefik.http.middlewares.middleware10.forwardauth.trustforwardheader=true"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolallowcredentials=true"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolallowheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolallowmethods=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlist=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlistregex=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolexposeheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.accesscontrolmaxage=42"
+- "traefik.http.middlewares.middleware11.headers.addvaryheader=true"
+- "traefik.http.middlewares.middleware11.headers.allowedhosts=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.browserxssfilter=true"
+- "traefik.http.middlewares.middleware11.headers.contentsecuritypolicy=foobar"
+- "traefik.http.middlewares.middleware11.headers.contenttypenosniff=true"
+- "traefik.http.middlewares.middleware11.headers.custombrowserxssvalue=foobar"
+- "traefik.http.middlewares.middleware11.headers.customframeoptionsvalue=foobar"
+- "traefik.http.middlewares.middleware11.headers.customrequestheaders.name0=foobar"
+- "traefik.http.middlewares.middleware11.headers.customrequestheaders.name1=foobar"
+- "traefik.http.middlewares.middleware11.headers.customresponseheaders.name0=foobar"
+- "traefik.http.middlewares.middleware11.headers.customresponseheaders.name1=foobar"
+- "traefik.http.middlewares.middleware11.headers.featurepolicy=foobar"
+- "traefik.http.middlewares.middleware11.headers.forcestsheader=true"
+- "traefik.http.middlewares.middleware11.headers.framedeny=true"
+- "traefik.http.middlewares.middleware11.headers.hostsproxyheaders=foobar, foobar"
+- "traefik.http.middlewares.middleware11.headers.isdevelopment=true"
+- "traefik.http.middlewares.middleware11.headers.permissionspolicy=foobar"
+- "traefik.http.middlewares.middleware11.headers.publickey=foobar"
+- "traefik.http.middlewares.middleware11.headers.referrerpolicy=foobar"
+- "traefik.http.middlewares.middleware11.headers.sslforcehost=true"
+- "traefik.http.middlewares.middleware11.headers.sslhost=foobar"
+- "traefik.http.middlewares.middleware11.headers.sslproxyheaders.name0=foobar"
+- "traefik.http.middlewares.middleware11.headers.sslproxyheaders.name1=foobar"
+- "traefik.http.middlewares.middleware11.headers.sslredirect=true"
+- "traefik.http.middlewares.middleware11.headers.ssltemporaryredirect=true"
+- "traefik.http.middlewares.middleware11.headers.stsincludesubdomains=true"
+- "traefik.http.middlewares.middleware11.headers.stspreload=true"
+- "traefik.http.middlewares.middleware11.headers.stsseconds=42"
+- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy=true"
+- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware12.ipallowlist.sourcerange=foobar, foobar"
+- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy=true"
+- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware13.ipwhitelist.sourcerange=foobar, foobar"
+- "traefik.http.middlewares.middleware14.inflightreq.amount=42"
+- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requestheadername=foobar"
+- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requesthost=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.commonname=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.country=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.domaincomponent=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.locality=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.organization=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.province=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.serialnumber=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.notafter=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.notbefore=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.sans=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.serialnumber=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.commonname=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.country=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.domaincomponent=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.locality=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organization=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organizationalunit=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.province=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.serialnumber=true"
+- "traefik.http.middlewares.middleware15.passtlsclientcert.pem=true"
+- "traefik.http.middlewares.middleware16.plugin.pluginconf0.name0=foobar"
+- "traefik.http.middlewares.middleware16.plugin.pluginconf0.name1=foobar"
+- "traefik.http.middlewares.middleware16.plugin.pluginconf1.name0=foobar"
+- "traefik.http.middlewares.middleware16.plugin.pluginconf1.name1=foobar"
+- "traefik.http.middlewares.middleware17.ratelimit.average=42"
+- "traefik.http.middlewares.middleware17.ratelimit.burst=42"
+- "traefik.http.middlewares.middleware17.ratelimit.period=42s"
+- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requestheadername=foobar"
+- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requesthost=true"
+- "traefik.http.middlewares.middleware18.redirectregex.permanent=true"
+- "traefik.http.middlewares.middleware18.redirectregex.regex=foobar"
+- "traefik.http.middlewares.middleware18.redirectregex.replacement=foobar"
+- "traefik.http.middlewares.middleware19.redirectscheme.permanent=true"
+- "traefik.http.middlewares.middleware19.redirectscheme.port=foobar"
+- "traefik.http.middlewares.middleware19.redirectscheme.scheme=foobar"
+- "traefik.http.middlewares.middleware20.replacepath.path=foobar"
+- "traefik.http.middlewares.middleware21.replacepathregex.regex=foobar"
+- "traefik.http.middlewares.middleware21.replacepathregex.replacement=foobar"
+- "traefik.http.middlewares.middleware22.retry.attempts=42"
+- "traefik.http.middlewares.middleware22.retry.initialinterval=42s"
+- "traefik.http.middlewares.middleware23.stripprefix.forceslash=true"
+- "traefik.http.middlewares.middleware23.stripprefix.prefixes=foobar, foobar"
+- "traefik.http.middlewares.middleware24.stripprefixregex.regex=foobar, foobar"
 - "traefik.http.routers.router0.entrypoints=foobar, foobar"
 - "traefik.http.routers.router0.middlewares=foobar, foobar"
 - "traefik.http.routers.router0.priority=42"
@@ -145,32 +155,34 @@
 - "traefik.http.routers.router1.tls.domains[1].main=foobar"
 - "traefik.http.routers.router1.tls.domains[1].sans=foobar, foobar"
 - "traefik.http.routers.router1.tls.options=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.followredirects=true"
- "traefik.http.services.service01.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.method=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.port=42"
- "traefik.http.services.service01.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.service01.loadbalancer.passhostheader=true"
- "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.service01.loadbalancer.serverstransport=foobar"
- "traefik.http.services.service01.loadbalancer.sticky.cookie=true"
- "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly=true"
- "traefik.http.services.service01.loadbalancer.sticky.cookie.name=foobar"
- "traefik.http.services.service01.loadbalancer.sticky.cookie.samesite=foobar"
- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service01.loadbalancer.server.port=foobar"
- "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42"
+- "traefik.http.services.service02.loadbalancer.healthcheck.followredirects=true"
+- "traefik.http.services.service02.loadbalancer.healthcheck.headers.name0=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.headers.name1=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.hostname=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.interval=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.method=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.path=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.port=42"
+- "traefik.http.services.service02.loadbalancer.healthcheck.scheme=foobar"
+- "traefik.http.services.service02.loadbalancer.healthcheck.timeout=foobar"
+- "traefik.http.services.service02.loadbalancer.passhostheader=true"
+- "traefik.http.services.service02.loadbalancer.responseforwarding.flushinterval=foobar"
+- "traefik.http.services.service02.loadbalancer.serverstransport=foobar"
+- "traefik.http.services.service02.loadbalancer.sticky=true"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie=true"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie.httponly=true"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie.name=foobar"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie.samesite=foobar"
+- "traefik.http.services.service02.loadbalancer.sticky.cookie.secure=true"
+- "traefik.http.services.service02.loadbalancer.server.port=foobar"
+- "traefik.http.services.service02.loadbalancer.server.scheme=foobar"
+- "traefik.tcp.middlewares.tcpmiddleware01.ipallowlist.sourcerange=foobar, foobar"
+- "traefik.tcp.middlewares.tcpmiddleware02.ipwhitelist.sourcerange=foobar, foobar"
+- "traefik.tcp.middlewares.tcpmiddleware03.inflightconn.amount=42"
 - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
 - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.rule=foobar"
 - "traefik.tcp.routers.tcprouter0.priority=42"
+- "traefik.tcp.routers.tcprouter0.rule=foobar"
 - "traefik.tcp.routers.tcprouter0.service=foobar"
 - "traefik.tcp.routers.tcprouter0.tls=true"
 - "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
@@ -182,8 +194,8 @@
 - "traefik.tcp.routers.tcprouter0.tls.passthrough=true"
 - "traefik.tcp.routers.tcprouter1.entrypoints=foobar, foobar"
 - "traefik.tcp.routers.tcprouter1.middlewares=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.rule=foobar"
 - "traefik.tcp.routers.tcprouter1.priority=42"
+- "traefik.tcp.routers.tcprouter1.rule=foobar"
 - "traefik.tcp.routers.tcprouter1.service=foobar"
 - "traefik.tcp.routers.tcprouter1.tls=true"
 - "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"
@@ -193,21 +205,18 @@
 - "traefik.tcp.routers.tcprouter1.tls.domains[1].sans=foobar, foobar"
 - "traefik.tcp.routers.tcprouter1.tls.options=foobar"
 - "traefik.tcp.routers.tcprouter1.tls.passthrough=true"
+- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol=true"
 - "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version=42"
 - "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42"
 - "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar"
+- "traefik.tls.stores.store0.defaultgeneratedcert.domain.main=foobar"
+- "traefik.tls.stores.store0.defaultgeneratedcert.domain.sans=foobar, foobar"
+- "traefik.tls.stores.store0.defaultgeneratedcert.resolver=foobar"
+- "traefik.tls.stores.store1.defaultgeneratedcert.domain.main=foobar"
+- "traefik.tls.stores.store1.defaultgeneratedcert.domain.sans=foobar, foobar"
+- "traefik.tls.stores.store1.defaultgeneratedcert.resolver=foobar"
 - "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar"
 - "traefik.udp.routers.udprouter0.service=foobar"
 - "traefik.udp.routers.udprouter1.entrypoints=foobar, foobar"
 - "traefik.udp.routers.udprouter1.service=foobar"
 - "traefik.udp.services.udpservice01.loadbalancer.server.port=foobar"
- "traefik.tls.stores.Store0.defaultcertificate.certfile=foobar"
- "traefik.tls.stores.Store0.defaultcertificate.keyfile=foobar"
- "traefik.tls.stores.Store0.defaultgeneratedcert.domain.main=foobar"
- "traefik.tls.stores.Store0.defaultgeneratedcert.domain.sans=foobar, foobar"
- "traefik.tls.stores.Store0.defaultgeneratedcert.resolver=foobar"
- "traefik.tls.stores.Store1.defaultcertificate.certfile=foobar"
- "traefik.tls.stores.Store1.defaultcertificate.keyfile=foobar"
- "traefik.tls.stores.Store1.defaultgeneratedcert.domain.main=foobar"
- "traefik.tls.stores.Store1.defaultgeneratedcert.domain.sans=foobar, foobar"
- "traefik.tls.stores.Store1.defaultgeneratedcert.resolver=foobar"
--- a/docs/content/reference/dynamic-configuration/file.toml
+++ b/docs/content/reference/dynamic-configuration/file.toml
@@ -1,3 +1,5 @@
+## CODE GENERATED AUTOMATICALLY
+## THIS FILE MUST NOT BE EDITED BY HAND
 [http]
  [http.routers]
    [http.routers.Router0]
@@ -36,22 +38,27 @@
          sans = ["foobar", "foobar"]
  [http.services]
    [http.services.Service01]
-      [http.services.Service01.loadBalancer]
+      [http.services.Service01.failover]
+        service = "foobar"
+        fallback = "foobar"
+        [http.services.Service01.failover.healthCheck]
+    [http.services.Service02]
+      [http.services.Service02.loadBalancer]
        passHostHeader = true
        serversTransport = "foobar"
-        [http.services.Service01.loadBalancer.sticky]
-          [http.services.Service01.loadBalancer.sticky.cookie]
+        [http.services.Service02.loadBalancer.sticky]
+          [http.services.Service02.loadBalancer.sticky.cookie]
            name = "foobar"
            secure = true
            httpOnly = true
            sameSite = "foobar"

-        [[http.services.Service01.loadBalancer.servers]]
+        [[http.services.Service02.loadBalancer.servers]]
          url = "foobar"

-        [[http.services.Service01.loadBalancer.servers]]
+        [[http.services.Service02.loadBalancer.servers]]
          url = "foobar"
-        [http.services.Service01.loadBalancer.healthCheck]
+        [http.services.Service02.loadBalancer.healthCheck]
          scheme = "foobar"
          path = "foobar"
          method = "foobar"
@@ -60,109 +67,102 @@
          timeout = "foobar"
          hostname = "foobar"
          followRedirects = true
-          [http.services.Service01.loadBalancer.healthCheck.headers]
+          [http.services.Service02.loadBalancer.healthCheck.headers]
            name0 = "foobar"
            name1 = "foobar"
-        [http.services.Service01.loadBalancer.responseForwarding]
+        [http.services.Service02.loadBalancer.responseForwarding]
          flushInterval = "foobar"
-    [http.services.Service02]
-      [http.services.Service02.mirroring]
+    [http.services.Service03]
+      [http.services.Service03.mirroring]
        service = "foobar"
        maxBodySize = 42

-        [http.services.Service02.mirroring.healthCheck]
-
-        [[http.services.Service02.mirroring.mirrors]]
+        [[http.services.Service03.mirroring.mirrors]]
          name = "foobar"
          percent = 42

-        [[http.services.Service02.mirroring.mirrors]]
+        [[http.services.Service03.mirroring.mirrors]]
          name = "foobar"
          percent = 42
-    [http.services.Service03]
-      [http.services.Service03.weighted]
-        [http.services.Service03.weighted.healthCheck]
+        [http.services.Service03.mirroring.healthCheck]
+    [http.services.Service04]
+      [http.services.Service04.weighted]

-        [[http.services.Service03.weighted.services]]
+        [[http.services.Service04.weighted.services]]
          name = "foobar"
          weight = 42

-        [[http.services.Service03.weighted.services]]
+        [[http.services.Service04.weighted.services]]
          name = "foobar"
          weight = 42
-        [http.services.Service03.weighted.sticky]
-          [http.services.Service03.weighted.sticky.cookie]
+        [http.services.Service04.weighted.sticky]
+          [http.services.Service04.weighted.sticky.cookie]
            name = "foobar"
            secure = true
            httpOnly = true
            sameSite = "foobar"
-    [http.services.Service04]
-      [http.services.Service04.failover]
-        service = "foobar"
-        fallback = "foobar"
-
-      [http.services.Service04.failover.healthCheck]
+        [http.services.Service04.weighted.healthCheck]
  [http.middlewares]
-    [http.middlewares.Middleware00]
-      [http.middlewares.Middleware00.addPrefix]
-        prefix = "foobar"
    [http.middlewares.Middleware01]
-      [http.middlewares.Middleware01.basicAuth]
+      [http.middlewares.Middleware01.addPrefix]
+        prefix = "foobar"
+    [http.middlewares.Middleware02]
+      [http.middlewares.Middleware02.basicAuth]
        users = ["foobar", "foobar"]
        usersFile = "foobar"
        realm = "foobar"
        removeHeader = true
        headerField = "foobar"
-    [http.middlewares.Middleware02]
-      [http.middlewares.Middleware02.buffering]
+    [http.middlewares.Middleware03]
+      [http.middlewares.Middleware03.buffering]
        maxRequestBodyBytes = 42
        memRequestBodyBytes = 42
        maxResponseBodyBytes = 42
        memResponseBodyBytes = 42
        retryExpression = "foobar"
-    [http.middlewares.Middleware03]
-      [http.middlewares.Middleware03.chain]
-        middlewares = ["foobar", "foobar"]
    [http.middlewares.Middleware04]
-      [http.middlewares.Middleware04.circuitBreaker]
+      [http.middlewares.Middleware04.chain]
+        middlewares = ["foobar", "foobar"]
+    [http.middlewares.Middleware05]
+      [http.middlewares.Middleware05.circuitBreaker]
        expression = "foobar"
        checkPeriod = "42s"
        fallbackDuration = "42s"
        recoveryDuration = "42s"
-    [http.middlewares.Middleware05]
-      [http.middlewares.Middleware05.compress]
+    [http.middlewares.Middleware06]
+      [http.middlewares.Middleware06.compress]
        excludedContentTypes = ["foobar", "foobar"]
        minResponseBodyBytes = 42
-    [http.middlewares.Middleware06]
-      [http.middlewares.Middleware06.contentType]
-        autoDetect = true
    [http.middlewares.Middleware07]
-      [http.middlewares.Middleware07.digestAuth]
+      [http.middlewares.Middleware07.contentType]
+        autoDetect = true
+    [http.middlewares.Middleware08]
+      [http.middlewares.Middleware08.digestAuth]
        users = ["foobar", "foobar"]
        usersFile = "foobar"
        removeHeader = true
        realm = "foobar"
        headerField = "foobar"
-    [http.middlewares.Middleware08]
-      [http.middlewares.Middleware08.errors]
+    [http.middlewares.Middleware09]
+      [http.middlewares.Middleware09.errors]
        status = ["foobar", "foobar"]
        service = "foobar"
        query = "foobar"
-    [http.middlewares.Middleware09]
-      [http.middlewares.Middleware09.forwardAuth]
+    [http.middlewares.Middleware10]
+      [http.middlewares.Middleware10.forwardAuth]
        address = "foobar"
        trustForwardHeader = true
        authResponseHeaders = ["foobar", "foobar"]
        authResponseHeadersRegex = "foobar"
        authRequestHeaders = ["foobar", "foobar"]
-        [http.middlewares.Middleware09.forwardAuth.tls]
+        [http.middlewares.Middleware10.forwardAuth.tls]
          ca = "foobar"
          caOptional = true
          cert = "foobar"
          key = "foobar"
          insecureSkipVerify = true
-    [http.middlewares.Middleware10]
-      [http.middlewares.Middleware10.headers]
+    [http.middlewares.Middleware11]
+      [http.middlewares.Middleware11.headers]
        accessControlAllowCredentials = true
        accessControlAllowHeaders = ["foobar", "foobar"]
        accessControlAllowMethods = ["foobar", "foobar"]
@@ -192,39 +192,45 @@
        featurePolicy = "foobar"
        permissionsPolicy = "foobar"
        isDevelopment = true
-        [http.middlewares.Middleware10.headers.customRequestHeaders]
+        [http.middlewares.Middleware11.headers.customRequestHeaders]
          name0 = "foobar"
          name1 = "foobar"
-        [http.middlewares.Middleware10.headers.customResponseHeaders]
+        [http.middlewares.Middleware11.headers.customResponseHeaders]
          name0 = "foobar"
          name1 = "foobar"
-        [http.middlewares.Middleware10.headers.sslProxyHeaders]
+        [http.middlewares.Middleware11.headers.sslProxyHeaders]
          name0 = "foobar"
          name1 = "foobar"
-    [http.middlewares.Middleware11]
-      [http.middlewares.Middleware11.ipWhiteList]
+    [http.middlewares.Middleware12]
+      [http.middlewares.Middleware12.ipAllowList]
        sourceRange = ["foobar", "foobar"]
-        [http.middlewares.Middleware11.ipWhiteList.ipStrategy]
+        [http.middlewares.Middleware12.ipAllowList.ipStrategy]
          depth = 42
          excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware12]
-      [http.middlewares.Middleware12.inFlightReq]
+    [http.middlewares.Middleware13]
+      [http.middlewares.Middleware13.ipWhiteList]
+        sourceRange = ["foobar", "foobar"]
+        [http.middlewares.Middleware13.ipWhiteList.ipStrategy]
+          depth = 42
+          excludedIPs = ["foobar", "foobar"]
+    [http.middlewares.Middleware14]
+      [http.middlewares.Middleware14.inFlightReq]
        amount = 42
-        [http.middlewares.Middleware12.inFlightReq.sourceCriterion]
+        [http.middlewares.Middleware14.inFlightReq.sourceCriterion]
          requestHeaderName = "foobar"
          requestHost = true
-          [http.middlewares.Middleware12.inFlightReq.sourceCriterion.ipStrategy]
+          [http.middlewares.Middleware14.inFlightReq.sourceCriterion.ipStrategy]
            depth = 42
            excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware13]
-      [http.middlewares.Middleware13.passTLSClientCert]
+    [http.middlewares.Middleware15]
+      [http.middlewares.Middleware15.passTLSClientCert]
        pem = true
-        [http.middlewares.Middleware13.passTLSClientCert.info]
+        [http.middlewares.Middleware15.passTLSClientCert.info]
          notAfter = true
          notBefore = true
          sans = true
          serialNumber = true
-          [http.middlewares.Middleware13.passTLSClientCert.info.subject]
+          [http.middlewares.Middleware15.passTLSClientCert.info.subject]
            country = true
            province = true
            locality = true
@@ -233,7 +239,7 @@
            commonName = true
            serialNumber = true
            domainComponent = true
-          [http.middlewares.Middleware13.passTLSClientCert.info.issuer]
+          [http.middlewares.Middleware15.passTLSClientCert.info.issuer]
            country = true
            province = true
            locality = true
@@ -241,48 +247,52 @@
            commonName = true
            serialNumber = true
            domainComponent = true
-    [http.middlewares.Middleware14]
-      [http.middlewares.Middleware14.plugin]
-        [http.middlewares.Middleware14.plugin.PluginConf]
-          foo = "bar"
-    [http.middlewares.Middleware15]
-      [http.middlewares.Middleware15.rateLimit]
+    [http.middlewares.Middleware16]
+      [http.middlewares.Middleware16.plugin]
+        [http.middlewares.Middleware16.plugin.PluginConf0]
+          name0 = "foobar"
+          name1 = "foobar"
+        [http.middlewares.Middleware16.plugin.PluginConf1]
+          name0 = "foobar"
+          name1 = "foobar"
+    [http.middlewares.Middleware17]
+      [http.middlewares.Middleware17.rateLimit]
        average = 42
        period = "42s"
        burst = 42
-        [http.middlewares.Middleware15.rateLimit.sourceCriterion]
+        [http.middlewares.Middleware17.rateLimit.sourceCriterion]
          requestHeaderName = "foobar"
          requestHost = true
-          [http.middlewares.Middleware15.rateLimit.sourceCriterion.ipStrategy]
+          [http.middlewares.Middleware17.rateLimit.sourceCriterion.ipStrategy]
            depth = 42
            excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware16]
-      [http.middlewares.Middleware16.redirectRegex]
+    [http.middlewares.Middleware18]
+      [http.middlewares.Middleware18.redirectRegex]
        regex = "foobar"
        replacement = "foobar"
        permanent = true
-    [http.middlewares.Middleware17]
-      [http.middlewares.Middleware17.redirectScheme]
+    [http.middlewares.Middleware19]
+      [http.middlewares.Middleware19.redirectScheme]
        scheme = "foobar"
        port = "foobar"
        permanent = true
-    [http.middlewares.Middleware18]
-      [http.middlewares.Middleware18.replacePath]
+    [http.middlewares.Middleware20]
+      [http.middlewares.Middleware20.replacePath]
        path = "foobar"
-    [http.middlewares.Middleware19]
-      [http.middlewares.Middleware19.replacePathRegex]
+    [http.middlewares.Middleware21]
+      [http.middlewares.Middleware21.replacePathRegex]
        regex = "foobar"
        replacement = "foobar"
-    [http.middlewares.Middleware20]
-      [http.middlewares.Middleware20.retry]
+    [http.middlewares.Middleware22]
+      [http.middlewares.Middleware22.retry]
        attempts = 42
        initialInterval = "42s"
-    [http.middlewares.Middleware21]
-      [http.middlewares.Middleware21.stripPrefix]
+    [http.middlewares.Middleware23]
+      [http.middlewares.Middleware23.stripPrefix]
        prefixes = ["foobar", "foobar"]
        forceSlash = true
-    [http.middlewares.Middleware22]
-      [http.middlewares.Middleware22.stripPrefixRegex]
+    [http.middlewares.Middleware24]
+      [http.middlewares.Middleware24.stripPrefixRegex]
        regex = ["foobar", "foobar"]
  [http.serversTransports]
    [http.serversTransports.ServersTransport0]
@@ -389,11 +399,14 @@
          name = "foobar"
          weight = 42
  [tcp.middlewares]
-    [tcp.middlewares.TCPMiddleware00]
-      [tcp.middlewares.TCPMiddleware00.ipWhiteList]
-        sourceRange = ["foobar", "foobar"]
    [tcp.middlewares.TCPMiddleware01]
-      [tcp.middlewares.TCPMiddleware01.inFlightConn]
+      [tcp.middlewares.TCPMiddleware01.ipAllowList]
+        sourceRange = ["foobar", "foobar"]
+    [tcp.middlewares.TCPMiddleware02]
+      [tcp.middlewares.TCPMiddleware02.ipWhiteList]
+        sourceRange = ["foobar", "foobar"]
+    [tcp.middlewares.TCPMiddleware03]
+      [tcp.middlewares.TCPMiddleware03.inFlightConn]
        amount = 42

 [udp]
--- a/docs/content/reference/dynamic-configuration/file.yaml
+++ b/docs/content/reference/dynamic-configuration/file.yaml
@@ -1,3 +1,5 @@
+## CODE GENERATED AUTOMATICALLY
+## THIS FILE MUST NOT BE EDITED BY HAND
 http:
  routers:
    Router0:
@@ -46,6 +48,11 @@ http:
              - foobar
  services:
    Service01:
+      failover:
+        service: foobar
+        fallback: foobar
+        healthCheck: {}
+    Service02:
      loadBalancer:
        sticky:
          cookie:
@@ -72,19 +79,18 @@ http:
        responseForwarding:
          flushInterval: foobar
        serversTransport: foobar
-    Service02:
+    Service03:
      mirroring:
        service: foobar
        maxBodySize: 42
-        healthCheck: {}
        mirrors:
          - name: foobar
            percent: 42
          - name: foobar
            percent: 42
-    Service03:
-      weighted:
        healthCheck: {}
+    Service04:
+      weighted:
        services:
          - name: foobar
            weight: 42
@@ -96,16 +102,12 @@ http:
            secure: true
            httpOnly: true
            sameSite: foobar
-    Service04:
-      failover:
-        service: foobar
-        fallback: foobar
        healthCheck: {}
  middlewares:
-    Middleware00:
+    Middleware01:
      addPrefix:
        prefix: foobar
-    Middleware01:
+    Middleware02:
      basicAuth:
        users:
          - foobar
@@ -114,34 +116,34 @@ http:
        realm: foobar
        removeHeader: true
        headerField: foobar
-    Middleware02:
+    Middleware03:
      buffering:
        maxRequestBodyBytes: 42
        memRequestBodyBytes: 42
        maxResponseBodyBytes: 42
        memResponseBodyBytes: 42
        retryExpression: foobar
-    Middleware03:
+    Middleware04:
      chain:
        middlewares:
          - foobar
          - foobar
-    Middleware04:
+    Middleware05:
      circuitBreaker:
        expression: foobar
        checkPeriod: 42s
        fallbackDuration: 42s
        recoveryDuration: 42s
-    Middleware05:
+    Middleware06:
      compress:
        excludedContentTypes:
          - foobar
          - foobar
        minResponseBodyBytes: 42
-    Middleware06:
+    Middleware07:
      contentType:
        autoDetect: true
-    Middleware07:
+    Middleware08:
      digestAuth:
        users:
          - foobar
@@ -150,14 +152,14 @@ http:
        removeHeader: true
        realm: foobar
        headerField: foobar
-    Middleware08:
+    Middleware09:
      errors:
        status:
          - foobar
          - foobar
        service: foobar
        query: foobar
-    Middleware09:
+    Middleware10:
      forwardAuth:
        address: foobar
        tls:
@@ -174,7 +176,7 @@ http:
        authRequestHeaders:
          - foobar
          - foobar
-    Middleware10:
+    Middleware11:
      headers:
        customRequestHeaders:
          name0: foobar
@@ -228,7 +230,17 @@ http:
        featurePolicy: foobar
        permissionsPolicy: foobar
        isDevelopment: true
-    Middleware11:
+    Middleware12:
+      ipAllowList:
+        sourceRange:
+          - foobar
+          - foobar
+        ipStrategy:
+          depth: 42
+          excludedIPs:
+            - foobar
+            - foobar
+    Middleware13:
      ipWhiteList:
        sourceRange:
          - foobar
@@ -238,7 +250,7 @@ http:
          excludedIPs:
            - foobar
            - foobar
-    Middleware12:
+    Middleware14:
      inFlightReq:
        amount: 42
        sourceCriterion:
@@ -249,13 +261,14 @@ http:
              - foobar
          requestHeaderName: foobar
          requestHost: true
-    Middleware13:
+    Middleware15:
      passTLSClientCert:
        pem: true
        info:
          notAfter: true
          notBefore: true
          sans: true
+          serialNumber: true
          subject:
            country: true
            province: true
@@ -273,12 +286,15 @@ http:
            commonName: true
            serialNumber: true
            domainComponent: true
-          serialNumber: true
-    Middleware14:
+    Middleware16:
      plugin:
-        PluginConf:
-          foo: bar
-    Middleware15:
+        PluginConf0:
+          name0: foobar
+          name1: foobar
+        PluginConf1:
+          name0: foobar
+          name1: foobar
+    Middleware17:
      rateLimit:
        average: 42
        period: 42s
@@ -291,34 +307,34 @@ http:
              - foobar
          requestHeaderName: foobar
          requestHost: true
-    Middleware16:
+    Middleware18:
      redirectRegex:
        regex: foobar
        replacement: foobar
        permanent: true
-    Middleware17:
+    Middleware19:
      redirectScheme:
        scheme: foobar
        port: foobar
        permanent: true
-    Middleware18:
+    Middleware20:
      replacePath:
        path: foobar
-    Middleware19:
+    Middleware21:
      replacePathRegex:
        regex: foobar
        replacement: foobar
-    Middleware20:
+    Middleware22:
      retry:
        attempts: 42
        initialInterval: 42s
-    Middleware21:
+    Middleware23:
      stripPrefix:
        prefixes:
          - foobar
          - foobar
        forceSlash: true
-    Middleware22:
+    Middleware24:
      stripPrefixRegex:
        regex:
          - foobar
@@ -429,12 +445,17 @@ tcp:
          - name: foobar
            weight: 42
  middlewares:
-    TCPMiddleware00:
+    TCPMiddleware01:
+      ipAllowList:
+        sourceRange:
+          - foobar
+          - foobar
+    TCPMiddleware02:
      ipWhiteList:
        sourceRange:
          - foobar
          - foobar
-    TCPMiddleware01:
+    TCPMiddleware03:
      inFlightConn:
        amount: 42
 udp:
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
@@ -148,7 +148,7 @@ spec:
        - name: whoamitcp
          port: 8080
      middlewares:
-        - name: ipwhitelist
+        - name: ipallowlist
  tls:
    secretName: foosecret
    passthrough: false
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd.md
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd.md
@@ -35,3 +35,5 @@ Dynamic configuration with Kubernetes Custom Resource
 ```yaml
 --8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
 ```
+
+{!traefik-for-business-applications.md!}
--- a/docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
@@ -25,7 +25,7 @@ spec:
      serviceAccountName: traefik-controller
      containers:
        - name: traefik
-          image: traefik:v2.10
+          image: traefik:v2.11
          args:
            - --entrypoints.web.address=:80
            - --entrypoints.websecure.address=:443
--- a/docs/content/reference/dynamic-configuration/kubernetes-gateway.md
+++ b/docs/content/reference/dynamic-configuration/kubernetes-gateway.md
@@ -29,3 +29,5 @@ Dynamic configuration with Kubernetes Gateway provider.
 ```yaml
 --8<-- "content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml"
 ```
+
+{!traefik-for-business-applications.md!}
--- a/docs/content/reference/dynamic-configuration/kv-ref.md
+++ b/docs/content/reference/dynamic-configuration/kv-ref.md
@@ -1,145 +1,157 @@
-| `traefik/http/middlewares/Middleware00/addPrefix/prefix` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/realm` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/removeHeader` | `true` |
-| `traefik/http/middlewares/Middleware01/basicAuth/users/0` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/users/1` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/usersFile` | `foobar` |
-| `traefik/http/middlewares/Middleware02/buffering/maxRequestBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/maxResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/memRequestBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/memResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/retryExpression` | `foobar` |
-| `traefik/http/middlewares/Middleware03/chain/middlewares/0` | `foobar` |
-| `traefik/http/middlewares/Middleware03/chain/middlewares/1` | `foobar` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/checkPeriod` | `42s` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/expression` | `foobar` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/fallbackDuration` | `42s` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/recoveryDuration` | `42s` |
-| `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware05/compress/minResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware06/contentType/autoDetect` | `true` |
-| `traefik/http/middlewares/Middleware07/digestAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/realm` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/removeHeader` | `true` |
-| `traefik/http/middlewares/Middleware07/digestAuth/users/0` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/users/1` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/usersFile` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/query` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/service` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/status/0` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/status/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/address` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authRequestHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authRequestHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/trustForwardHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowCredentials` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowMethods/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowMethods/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginList/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginList/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginListRegex/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginListRegex/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlExposeHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlExposeHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlMaxAge` | `42` |
-| `traefik/http/middlewares/Middleware10/headers/addVaryHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/allowedHosts/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/allowedHosts/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/browserXssFilter` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/contentSecurityPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/contentTypeNosniff` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/customBrowserXSSValue` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customFrameOptionsValue` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/featurePolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/isDevelopment` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/sslHost` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslRedirect` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/sslTemporaryRedirect` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/commonName` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/country` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/domainComponent` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/locality` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/organization` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/province` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/notAfter` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/notBefore` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/sans` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/commonName` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/country` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/domainComponent` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/locality` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/organization` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/organizationalUnit` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/province` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/pem` | `true` |
-| `traefik/http/middlewares/Middleware14/plugin/PluginConf/foo` | `bar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/average` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/burst` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/period` | `42s` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/permanent` | `true` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/permanent` | `true` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/port` | `foobar` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/scheme` | `foobar` |
-| `traefik/http/middlewares/Middleware18/replacePath/path` | `foobar` |
-| `traefik/http/middlewares/Middleware19/replacePathRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
-| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
-| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` |
+<!--
+CODE GENERATED AUTOMATICALLY
+THIS FILE MUST NOT BE EDITED BY HAND
+-->
+| `traefik/http/middlewares/Middleware01/addPrefix/prefix` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/headerField` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/realm` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/removeHeader` | `true` |
+| `traefik/http/middlewares/Middleware02/basicAuth/users/0` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/users/1` | `foobar` |
+| `traefik/http/middlewares/Middleware02/basicAuth/usersFile` | `foobar` |
+| `traefik/http/middlewares/Middleware03/buffering/maxRequestBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware03/buffering/maxResponseBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware03/buffering/memRequestBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware03/buffering/memResponseBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware03/buffering/retryExpression` | `foobar` |
+| `traefik/http/middlewares/Middleware04/chain/middlewares/0` | `foobar` |
+| `traefik/http/middlewares/Middleware04/chain/middlewares/1` | `foobar` |
+| `traefik/http/middlewares/Middleware05/circuitBreaker/checkPeriod` | `42s` |
+| `traefik/http/middlewares/Middleware05/circuitBreaker/expression` | `foobar` |
+| `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` |
+| `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` |
+| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` |
+| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` |
+| `traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes` | `42` |
+| `traefik/http/middlewares/Middleware07/contentType/autoDetect` | `true` |
+| `traefik/http/middlewares/Middleware08/digestAuth/headerField` | `foobar` |
+| `traefik/http/middlewares/Middleware08/digestAuth/realm` | `foobar` |
+| `traefik/http/middlewares/Middleware08/digestAuth/removeHeader` | `true` |
+| `traefik/http/middlewares/Middleware08/digestAuth/users/0` | `foobar` |
+| `traefik/http/middlewares/Middleware08/digestAuth/users/1` | `foobar` |
+| `traefik/http/middlewares/Middleware08/digestAuth/usersFile` | `foobar` |
+| `traefik/http/middlewares/Middleware09/errors/query` | `foobar` |
+| `traefik/http/middlewares/Middleware09/errors/service` | `foobar` |
+| `traefik/http/middlewares/Middleware09/errors/status/0` | `foobar` |
+| `traefik/http/middlewares/Middleware09/errors/status/1` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/address` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify` | `true` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/tls/key` | `foobar` |
+| `traefik/http/middlewares/Middleware10/forwardAuth/trustForwardHeader` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowCredentials` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowMethods/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowMethods/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowOriginList/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowOriginList/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowOriginListRegex/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlAllowOriginListRegex/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlExposeHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlExposeHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/accessControlMaxAge` | `42` |
+| `traefik/http/middlewares/Middleware11/headers/addVaryHeader` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/allowedHosts/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/allowedHosts/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/browserXssFilter` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/contentSecurityPolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/contentTypeNosniff` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/customBrowserXSSValue` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customFrameOptionsValue` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customRequestHeaders/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customRequestHeaders/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customResponseHeaders/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/customResponseHeaders/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/featurePolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/forceSTSHeader` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/frameDeny` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/hostsProxyHeaders/0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/hostsProxyHeaders/1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/isDevelopment` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/permissionsPolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/publicKey` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/referrerPolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/sslForceHost` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/sslHost` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/sslProxyHeaders/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/sslProxyHeaders/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware11/headers/sslRedirect` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/sslTemporaryRedirect` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/stsIncludeSubdomains` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/stsPreload` | `true` |
+| `traefik/http/middlewares/Middleware11/headers/stsSeconds` | `42` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/sourceRange/0` | `foobar` |
+| `traefik/http/middlewares/Middleware12/ipAllowList/sourceRange/1` | `foobar` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/sourceRange/0` | `foobar` |
+| `traefik/http/middlewares/Middleware13/ipWhiteList/sourceRange/1` | `foobar` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/amount` | `42` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` |
+| `traefik/http/middlewares/Middleware14/inFlightReq/sourceCriterion/requestHost` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/commonName` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/country` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/domainComponent` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/locality` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/organization` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/province` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/issuer/serialNumber` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/notAfter` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/notBefore` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/sans` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/serialNumber` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/commonName` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/country` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/domainComponent` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/locality` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/organization` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/organizationalUnit` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/province` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/info/subject/serialNumber` | `true` |
+| `traefik/http/middlewares/Middleware15/passTLSClientCert/pem` | `true` |
+| `traefik/http/middlewares/Middleware16/plugin/PluginConf0/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware16/plugin/PluginConf0/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware16/plugin/PluginConf1/name0` | `foobar` |
+| `traefik/http/middlewares/Middleware16/plugin/PluginConf1/name1` | `foobar` |
+| `traefik/http/middlewares/Middleware17/rateLimit/average` | `42` |
+| `traefik/http/middlewares/Middleware17/rateLimit/burst` | `42` |
+| `traefik/http/middlewares/Middleware17/rateLimit/period` | `42s` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
+| `traefik/http/middlewares/Middleware17/rateLimit/sourceCriterion/requestHost` | `true` |
+| `traefik/http/middlewares/Middleware18/redirectRegex/permanent` | `true` |
+| `traefik/http/middlewares/Middleware18/redirectRegex/regex` | `foobar` |
+| `traefik/http/middlewares/Middleware18/redirectRegex/replacement` | `foobar` |
+| `traefik/http/middlewares/Middleware19/redirectScheme/permanent` | `true` |
+| `traefik/http/middlewares/Middleware19/redirectScheme/port` | `foobar` |
+| `traefik/http/middlewares/Middleware19/redirectScheme/scheme` | `foobar` |
+| `traefik/http/middlewares/Middleware20/replacePath/path` | `foobar` |
+| `traefik/http/middlewares/Middleware21/replacePathRegex/regex` | `foobar` |
+| `traefik/http/middlewares/Middleware21/replacePathRegex/replacement` | `foobar` |
+| `traefik/http/middlewares/Middleware22/retry/attempts` | `42` |
+| `traefik/http/middlewares/Middleware22/retry/initialInterval` | `42s` |
+| `traefik/http/middlewares/Middleware23/stripPrefix/forceSlash` | `true` |
+| `traefik/http/middlewares/Middleware23/stripPrefix/prefixes/0` | `foobar` |
+| `traefik/http/middlewares/Middleware23/stripPrefix/prefixes/1` | `foobar` |
+| `traefik/http/middlewares/Middleware24/stripPrefixRegex/regex/0` | `foobar` |
+| `traefik/http/middlewares/Middleware24/stripPrefixRegex/regex/1` | `foobar` |
 | `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
 | `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
 | `traefik/http/routers/Router0/middlewares/0` | `foobar` |
@@ -202,47 +214,49 @@
 | `traefik/http/serversTransports/ServersTransport1/rootCAs/0` | `foobar` |
 | `traefik/http/serversTransports/ServersTransport1/rootCAs/1` | `foobar` |
 | `traefik/http/serversTransports/ServersTransport1/serverName` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/followRedirects` | `true` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name0` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name1` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/hostname` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/interval` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/method` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/path` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/port` | `42` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/scheme` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/timeout` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/passHostHeader` | `true` |
-| `traefik/http/services/Service01/loadBalancer/responseForwarding/flushInterval` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/servers/0/url` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/servers/1/url` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/serversTransport` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/httpOnly` | `true` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/name` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/sameSite` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/secure` | `true` |
-| `traefik/http/services/Service02/mirroring/healthCheck` | `` |
-| `traefik/http/services/Service02/mirroring/maxBodySize` | `42` |
-| `traefik/http/services/Service02/mirroring/mirrors/0/name` | `foobar` |
-| `traefik/http/services/Service02/mirroring/mirrors/0/percent` | `42` |
-| `traefik/http/services/Service02/mirroring/mirrors/1/name` | `foobar` |
-| `traefik/http/services/Service02/mirroring/mirrors/1/percent` | `42` |
-| `traefik/http/services/Service02/mirroring/service` | `foobar` |
-| `traefik/http/services/Service03/weighted/healthCheck` | `` |
-| `traefik/http/services/Service03/weighted/services/0/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/services/0/weight` | `42` |
-| `traefik/http/services/Service03/weighted/services/1/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/services/1/weight` | `42` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/httpOnly` | `true` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/sameSite` | `foobar` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/secure` | `true` |
-| `traefik/http/services/Service04/failover/fallback` | `foobar` |
-| `traefik/http/services/Service04/failover/healthCheck` | `` |
-| `traefik/http/services/Service04/failover/service` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` |
+| `traefik/http/services/Service01/failover/fallback` | `foobar` |
+| `traefik/http/services/Service01/failover/healthCheck` | `` |
+| `traefik/http/services/Service01/failover/service` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/followRedirects` | `true` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name0` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name1` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/hostname` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/interval` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/method` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/path` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/port` | `42` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/scheme` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/timeout` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` |
+| `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/servers/0/url` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/servers/1/url` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/serversTransport` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly` | `true` |
+| `traefik/http/services/Service02/loadBalancer/sticky/cookie/name` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/sticky/cookie/sameSite` | `foobar` |
+| `traefik/http/services/Service02/loadBalancer/sticky/cookie/secure` | `true` |
+| `traefik/http/services/Service03/mirroring/healthCheck` | `` |
+| `traefik/http/services/Service03/mirroring/maxBodySize` | `42` |
+| `traefik/http/services/Service03/mirroring/mirrors/0/name` | `foobar` |
+| `traefik/http/services/Service03/mirroring/mirrors/0/percent` | `42` |
+| `traefik/http/services/Service03/mirroring/mirrors/1/name` | `foobar` |
+| `traefik/http/services/Service03/mirroring/mirrors/1/percent` | `42` |
+| `traefik/http/services/Service03/mirroring/service` | `foobar` |
+| `traefik/http/services/Service04/weighted/healthCheck` | `` |
+| `traefik/http/services/Service04/weighted/services/0/name` | `foobar` |
+| `traefik/http/services/Service04/weighted/services/0/weight` | `42` |
+| `traefik/http/services/Service04/weighted/services/1/name` | `foobar` |
+| `traefik/http/services/Service04/weighted/services/1/weight` | `42` |
+| `traefik/http/services/Service04/weighted/sticky/cookie/httpOnly` | `true` |
+| `traefik/http/services/Service04/weighted/sticky/cookie/name` | `foobar` |
+| `traefik/http/services/Service04/weighted/sticky/cookie/sameSite` | `foobar` |
+| `traefik/http/services/Service04/weighted/sticky/cookie/secure` | `true` |
+| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/0` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/1` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/0` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/1` | `foobar` |
+| `traefik/tcp/middlewares/TCPMiddleware03/inFlightConn/amount` | `42` |
 | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |
 | `traefik/tcp/routers/TCPRouter0/middlewares/0` | `foobar` |
--- a/docs/content/reference/dynamic-configuration/marathon-labels.json
+++ b/docs/content/reference/dynamic-configuration/marathon-labels.json
@@ -1,126 +1,136 @@
-"traefik.http.middlewares.middleware00.addprefix.prefix": "foobar",
-"traefik.http.middlewares.middleware01.basicauth.headerfield": "foobar",
-"traefik.http.middlewares.middleware01.basicauth.realm": "foobar",
-"traefik.http.middlewares.middleware01.basicauth.removeheader": "true",
-"traefik.http.middlewares.middleware01.basicauth.users": "foobar, foobar",
-"traefik.http.middlewares.middleware01.basicauth.usersfile": "foobar",
-"traefik.http.middlewares.middleware02.buffering.maxrequestbodybytes": "42",
-"traefik.http.middlewares.middleware02.buffering.maxresponsebodybytes": "42",
-"traefik.http.middlewares.middleware02.buffering.memrequestbodybytes": "42",
-"traefik.http.middlewares.middleware02.buffering.memresponsebodybytes": "42",
-"traefik.http.middlewares.middleware02.buffering.retryexpression": "foobar",
-"traefik.http.middlewares.middleware03.chain.middlewares": "foobar, foobar",
-"traefik.http.middlewares.middleware04.circuitbreaker.expression": "foobar",
-"traefik.http.middlewares.middleware04.circuitbreaker.checkperiod": "42s",
-"traefik.http.middlewares.middleware04.circuitbreaker.fallbackduration": "42s",
-"traefik.http.middlewares.middleware04.circuitbreaker.recoveryduration": "42s",
-"traefik.http.middlewares.middleware05.compress": "true",
-"traefik.http.middlewares.middleware05.compress.excludedcontenttypes": "foobar, foobar",
-"traefik.http.middlewares.middleware05.compress.minresponsebodybytes": "42",
-"traefik.http.middlewares.middleware06.contenttype.autodetect": "true",
-"traefik.http.middlewares.middleware07.digestauth.headerfield": "foobar",
-"traefik.http.middlewares.middleware07.digestauth.realm": "foobar",
-"traefik.http.middlewares.middleware07.digestauth.removeheader": "true",
-"traefik.http.middlewares.middleware07.digestauth.users": "foobar, foobar",
-"traefik.http.middlewares.middleware07.digestauth.usersfile": "foobar",
-"traefik.http.middlewares.middleware08.errors.query": "foobar",
-"traefik.http.middlewares.middleware08.errors.service": "foobar",
-"traefik.http.middlewares.middleware08.errors.status": "foobar, foobar",
-"traefik.http.middlewares.middleware09.forwardauth.address": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.authrequestheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true",
-"traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true",
-"traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar",
-"traefik.http.middlewares.middleware09.forwardauth.trustforwardheader": "true",
-"traefik.http.middlewares.middleware10.headers.accesscontrolallowcredentials": "true",
-"traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlist": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlistregex": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolmaxage": "42",
-"traefik.http.middlewares.middleware10.headers.addvaryheader": "true",
-"traefik.http.middlewares.middleware10.headers.allowedhosts": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.browserxssfilter": "true",
-"traefik.http.middlewares.middleware10.headers.contentsecuritypolicy": "foobar",
-"traefik.http.middlewares.middleware10.headers.contenttypenosniff": "true",
-"traefik.http.middlewares.middleware10.headers.custombrowserxssvalue": "foobar",
-"traefik.http.middlewares.middleware10.headers.customframeoptionsvalue": "foobar",
-"traefik.http.middlewares.middleware10.headers.customrequestheaders.name0": "foobar",
-"traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar",
-"traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar",
-"traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar",
-"traefik.http.middlewares.middleware10.headers.featurepolicy": "foobar",
-"traefik.http.middlewares.middleware10.headers.forcestsheader": "true",
-"traefik.http.middlewares.middleware10.headers.framedeny": "true",
-"traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar",
-"traefik.http.middlewares.middleware10.headers.isdevelopment": "true",
-"traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar",
-"traefik.http.middlewares.middleware10.headers.publickey": "foobar",
-"traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar",
-"traefik.http.middlewares.middleware10.headers.sslforcehost": "true",
-"traefik.http.middlewares.middleware10.headers.sslhost": "foobar",
-"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar",
-"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar",
-"traefik.http.middlewares.middleware10.headers.sslredirect": "true",
-"traefik.http.middlewares.middleware10.headers.ssltemporaryredirect": "true",
-"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
-"traefik.http.middlewares.middleware10.headers.stspreload": "true",
-"traefik.http.middlewares.middleware10.headers.stsseconds": "42",
-"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar",
-"traefik.http.middlewares.middleware12.inflightreq.amount": "42",
-"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requestheadername": "foobar",
-"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requesthost": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.commonname": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.country": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.domaincomponent": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.locality": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.organization": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.province": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.serialnumber": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.sans": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.serialnumber": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.locality": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organization": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organizationalunit": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.pem": "true",
-"traefik.http.middlewares.middleware14.plugin.foobar.foo": "bar",
-"traefik.http.middlewares.middleware15.ratelimit.average": "42",
-"traefik.http.middlewares.middleware15.ratelimit.burst": "42",
-"traefik.http.middlewares.middleware15.ratelimit.period": "42",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername": "foobar",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost": "true",
-"traefik.http.middlewares.middleware16.redirectregex.permanent": "true",
-"traefik.http.middlewares.middleware16.redirectregex.regex": "foobar",
-"traefik.http.middlewares.middleware16.redirectregex.replacement": "foobar",
-"traefik.http.middlewares.middleware17.redirectscheme.permanent": "true",
-"traefik.http.middlewares.middleware17.redirectscheme.port": "foobar",
-"traefik.http.middlewares.middleware17.redirectscheme.scheme": "foobar",
-"traefik.http.middlewares.middleware18.replacepath.path": "foobar",
-"traefik.http.middlewares.middleware19.replacepathregex.regex": "foobar",
-"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
-"traefik.http.middlewares.middleware20.retry.attempts": "42",
-"traefik.http.middlewares.middleware20.retry.initialinterval": "42",
-"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
-"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
-"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
+// CODE GENERATED AUTOMATICALLY
+// THIS FILE MUST NOT BE EDITED BY HAND
+"traefik.http.middlewares.middleware01.addprefix.prefix": "foobar",
+"traefik.http.middlewares.middleware02.basicauth.headerfield": "foobar",
+"traefik.http.middlewares.middleware02.basicauth.realm": "foobar",
+"traefik.http.middlewares.middleware02.basicauth.removeheader": "true",
+"traefik.http.middlewares.middleware02.basicauth.users": "foobar, foobar",
+"traefik.http.middlewares.middleware02.basicauth.usersfile": "foobar",
+"traefik.http.middlewares.middleware03.buffering.maxrequestbodybytes": "42",
+"traefik.http.middlewares.middleware03.buffering.maxresponsebodybytes": "42",
+"traefik.http.middlewares.middleware03.buffering.memrequestbodybytes": "42",
+"traefik.http.middlewares.middleware03.buffering.memresponsebodybytes": "42",
+"traefik.http.middlewares.middleware03.buffering.retryexpression": "foobar",
+"traefik.http.middlewares.middleware04.chain.middlewares": "foobar, foobar",
+"traefik.http.middlewares.middleware05.circuitbreaker.checkperiod": "42s",
+"traefik.http.middlewares.middleware05.circuitbreaker.expression": "foobar",
+"traefik.http.middlewares.middleware05.circuitbreaker.fallbackduration": "42s",
+"traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration": "42s",
+"traefik.http.middlewares.middleware06.compress": "true",
+"traefik.http.middlewares.middleware06.compress.excludedcontenttypes": "foobar, foobar",
+"traefik.http.middlewares.middleware06.compress.minresponsebodybytes": "42",
+"traefik.http.middlewares.middleware07.contenttype.autodetect": "true",
+"traefik.http.middlewares.middleware08.digestauth.headerfield": "foobar",
+"traefik.http.middlewares.middleware08.digestauth.realm": "foobar",
+"traefik.http.middlewares.middleware08.digestauth.removeheader": "true",
+"traefik.http.middlewares.middleware08.digestauth.users": "foobar, foobar",
+"traefik.http.middlewares.middleware08.digestauth.usersfile": "foobar",
+"traefik.http.middlewares.middleware09.errors.query": "foobar",
+"traefik.http.middlewares.middleware09.errors.service": "foobar",
+"traefik.http.middlewares.middleware09.errors.status": "foobar, foobar",
+"traefik.http.middlewares.middleware10.forwardauth.address": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.authrequestheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware10.forwardauth.authresponseheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.tls.ca": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.tls.caoptional": "true",
+"traefik.http.middlewares.middleware10.forwardauth.tls.cert": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.tls.insecureskipverify": "true",
+"traefik.http.middlewares.middleware10.forwardauth.tls.key": "foobar",
+"traefik.http.middlewares.middleware10.forwardauth.trustforwardheader": "true",
+"traefik.http.middlewares.middleware11.headers.accesscontrolallowcredentials": "true",
+"traefik.http.middlewares.middleware11.headers.accesscontrolallowheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolallowmethods": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlist": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlistregex": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolexposeheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.accesscontrolmaxage": "42",
+"traefik.http.middlewares.middleware11.headers.addvaryheader": "true",
+"traefik.http.middlewares.middleware11.headers.allowedhosts": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.browserxssfilter": "true",
+"traefik.http.middlewares.middleware11.headers.contentsecuritypolicy": "foobar",
+"traefik.http.middlewares.middleware11.headers.contenttypenosniff": "true",
+"traefik.http.middlewares.middleware11.headers.custombrowserxssvalue": "foobar",
+"traefik.http.middlewares.middleware11.headers.customframeoptionsvalue": "foobar",
+"traefik.http.middlewares.middleware11.headers.customrequestheaders.name0": "foobar",
+"traefik.http.middlewares.middleware11.headers.customrequestheaders.name1": "foobar",
+"traefik.http.middlewares.middleware11.headers.customresponseheaders.name0": "foobar",
+"traefik.http.middlewares.middleware11.headers.customresponseheaders.name1": "foobar",
+"traefik.http.middlewares.middleware11.headers.featurepolicy": "foobar",
+"traefik.http.middlewares.middleware11.headers.forcestsheader": "true",
+"traefik.http.middlewares.middleware11.headers.framedeny": "true",
+"traefik.http.middlewares.middleware11.headers.hostsproxyheaders": "foobar, foobar",
+"traefik.http.middlewares.middleware11.headers.isdevelopment": "true",
+"traefik.http.middlewares.middleware11.headers.permissionspolicy": "foobar",
+"traefik.http.middlewares.middleware11.headers.publickey": "foobar",
+"traefik.http.middlewares.middleware11.headers.referrerpolicy": "foobar",
+"traefik.http.middlewares.middleware11.headers.sslforcehost": "true",
+"traefik.http.middlewares.middleware11.headers.sslhost": "foobar",
+"traefik.http.middlewares.middleware11.headers.sslproxyheaders.name0": "foobar",
+"traefik.http.middlewares.middleware11.headers.sslproxyheaders.name1": "foobar",
+"traefik.http.middlewares.middleware11.headers.sslredirect": "true",
+"traefik.http.middlewares.middleware11.headers.ssltemporaryredirect": "true",
+"traefik.http.middlewares.middleware11.headers.stsincludesubdomains": "true",
+"traefik.http.middlewares.middleware11.headers.stspreload": "true",
+"traefik.http.middlewares.middleware11.headers.stsseconds": "42",
+"traefik.http.middlewares.middleware12.ipallowlist.ipstrategy": "true",
+"traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware12.ipallowlist.sourcerange": "foobar, foobar",
+"traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy": "true",
+"traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware13.ipwhitelist.sourcerange": "foobar, foobar",
+"traefik.http.middlewares.middleware14.inflightreq.amount": "42",
+"traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requestheadername": "foobar",
+"traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requesthost": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.commonname": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.country": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.domaincomponent": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.locality": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.organization": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.province": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.serialnumber": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.notafter": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.notbefore": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.sans": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.serialnumber": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.commonname": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.country": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.domaincomponent": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.locality": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organization": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organizationalunit": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.province": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.serialnumber": "true",
+"traefik.http.middlewares.middleware15.passtlsclientcert.pem": "true",
+"traefik.http.middlewares.middleware16.plugin.pluginconf0.name0": "foobar",
+"traefik.http.middlewares.middleware16.plugin.pluginconf0.name1": "foobar",
+"traefik.http.middlewares.middleware16.plugin.pluginconf1.name0": "foobar",
+"traefik.http.middlewares.middleware16.plugin.pluginconf1.name1": "foobar",
+"traefik.http.middlewares.middleware17.ratelimit.average": "42",
+"traefik.http.middlewares.middleware17.ratelimit.burst": "42",
+"traefik.http.middlewares.middleware17.ratelimit.period": "42s",
+"traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requestheadername": "foobar",
+"traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requesthost": "true",
+"traefik.http.middlewares.middleware18.redirectregex.permanent": "true",
+"traefik.http.middlewares.middleware18.redirectregex.regex": "foobar",
+"traefik.http.middlewares.middleware18.redirectregex.replacement": "foobar",
+"traefik.http.middlewares.middleware19.redirectscheme.permanent": "true",
+"traefik.http.middlewares.middleware19.redirectscheme.port": "foobar",
+"traefik.http.middlewares.middleware19.redirectscheme.scheme": "foobar",
+"traefik.http.middlewares.middleware20.replacepath.path": "foobar",
+"traefik.http.middlewares.middleware21.replacepathregex.regex": "foobar",
+"traefik.http.middlewares.middleware21.replacepathregex.replacement": "foobar",
+"traefik.http.middlewares.middleware22.retry.attempts": "42",
+"traefik.http.middlewares.middleware22.retry.initialinterval": "42s",
+"traefik.http.middlewares.middleware23.stripprefix.forceslash": "true",
+"traefik.http.middlewares.middleware23.stripprefix.prefixes": "foobar, foobar",
+"traefik.http.middlewares.middleware24.stripprefixregex.regex": "foobar, foobar",
 "traefik.http.routers.router0.entrypoints": "foobar, foobar",
 "traefik.http.routers.router0.middlewares": "foobar, foobar",
 "traefik.http.routers.router0.priority": "42",
@@ -145,32 +155,34 @@
 "traefik.http.routers.router1.tls.domains[1].main": "foobar",
 "traefik.http.routers.router1.tls.domains[1].sans": "foobar, foobar",
 "traefik.http.routers.router1.tls.options": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.followredirects": "true",
-"traefik.http.services.service01.loadbalancer.healthcheck.headers.name0": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.headers.name1": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.hostname": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.interval": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.path": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.method": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.port": "42",
-"traefik.http.services.service01.loadbalancer.healthcheck.scheme": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.timeout": "foobar",
-"traefik.http.services.service01.loadbalancer.passhostheader": "true",
-"traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval": "foobar",
-"traefik.http.services.service01.loadbalancer.serverstransport": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie": "true",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.httponly": "true",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.name": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.samesite": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
-"traefik.http.services.service01.loadbalancer.server.port": "foobar",
-"traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
-"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar",
-"traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42",
+"traefik.http.services.service02.loadbalancer.healthcheck.followredirects": "true",
+"traefik.http.services.service02.loadbalancer.healthcheck.headers.name0": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.headers.name1": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.hostname": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.interval": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.method": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.path": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.port": "42",
+"traefik.http.services.service02.loadbalancer.healthcheck.scheme": "foobar",
+"traefik.http.services.service02.loadbalancer.healthcheck.timeout": "foobar",
+"traefik.http.services.service02.loadbalancer.passhostheader": "true",
+"traefik.http.services.service02.loadbalancer.responseforwarding.flushinterval": "foobar",
+"traefik.http.services.service02.loadbalancer.serverstransport": "foobar",
+"traefik.http.services.service02.loadbalancer.sticky": "true",
+"traefik.http.services.service02.loadbalancer.sticky.cookie": "true",
+"traefik.http.services.service02.loadbalancer.sticky.cookie.httponly": "true",
+"traefik.http.services.service02.loadbalancer.sticky.cookie.name": "foobar",
+"traefik.http.services.service02.loadbalancer.sticky.cookie.samesite": "foobar",
+"traefik.http.services.service02.loadbalancer.sticky.cookie.secure": "true",
+"traefik.http.services.service02.loadbalancer.server.port": "foobar",
+"traefik.http.services.service02.loadbalancer.server.scheme": "foobar",
+"traefik.tcp.middlewares.tcpmiddleware01.ipallowlist.sourcerange": "foobar, foobar",
+"traefik.tcp.middlewares.tcpmiddleware02.ipwhitelist.sourcerange": "foobar, foobar",
+"traefik.tcp.middlewares.tcpmiddleware03.inflightconn.amount": "42",
 "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
 "traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar",
-"traefik.tcp.routers.tcprouter0.rule": "foobar",
 "traefik.tcp.routers.tcprouter0.priority": "42",
+"traefik.tcp.routers.tcprouter0.rule": "foobar",
 "traefik.tcp.routers.tcprouter0.service": "foobar",
 "traefik.tcp.routers.tcprouter0.tls": "true",
 "traefik.tcp.routers.tcprouter0.tls.certresolver": "foobar",
@@ -182,8 +194,8 @@
 "traefik.tcp.routers.tcprouter0.tls.passthrough": "true",
 "traefik.tcp.routers.tcprouter1.entrypoints": "foobar, foobar",
 "traefik.tcp.routers.tcprouter1.middlewares": "foobar, foobar",
-"traefik.tcp.routers.tcprouter1.rule": "foobar",
 "traefik.tcp.routers.tcprouter1.priority": "42",
+"traefik.tcp.routers.tcprouter1.rule": "foobar",
 "traefik.tcp.routers.tcprouter1.service": "foobar",
 "traefik.tcp.routers.tcprouter1.tls": "true",
 "traefik.tcp.routers.tcprouter1.tls.certresolver": "foobar",
@@ -193,21 +205,18 @@
 "traefik.tcp.routers.tcprouter1.tls.domains[1].sans": "foobar, foobar",
 "traefik.tcp.routers.tcprouter1.tls.options": "foobar",
 "traefik.tcp.routers.tcprouter1.tls.passthrough": "true",
+"traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol": "true",
 "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version": "42",
 "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay": "42",
 "traefik.tcp.services.tcpservice01.loadbalancer.server.port": "foobar",
+"traefik.tls.stores.store0.defaultgeneratedcert.domain.main": "foobar",
+"traefik.tls.stores.store0.defaultgeneratedcert.domain.sans": "foobar, foobar",
+"traefik.tls.stores.store0.defaultgeneratedcert.resolver": "foobar",
+"traefik.tls.stores.store1.defaultgeneratedcert.domain.main": "foobar",
+"traefik.tls.stores.store1.defaultgeneratedcert.domain.sans": "foobar, foobar",
+"traefik.tls.stores.store1.defaultgeneratedcert.resolver": "foobar",
 "traefik.udp.routers.udprouter0.entrypoints": "foobar, foobar",
 "traefik.udp.routers.udprouter0.service": "foobar",
 "traefik.udp.routers.udprouter1.entrypoints": "foobar, foobar",
 "traefik.udp.routers.udprouter1.service": "foobar",
 "traefik.udp.services.udpservice01.loadbalancer.server.port": "foobar",
-"traefik.tls.stores.Store0.defaultcertificate.certfile": "foobar",
-"traefik.tls.stores.Store0.defaultcertificate.keyfile": "foobar",
-"traefik.tls.stores.Store0.defaultgeneratedcert.domain.main": "foobar",
-"traefik.tls.stores.Store0.defaultgeneratedcert.domain.sans": "foobar, foobar",
-"traefik.tls.stores.Store0.defaultgeneratedcert.resolver": "foobar",
-"traefik.tls.stores.Store1.defaultcertificate.certfile": "foobar",
-"traefik.tls.stores.Store1.defaultcertificate.keyfile": "foobar",
-"traefik.tls.stores.Store1.defaultgeneratedcert.domain.main": "foobar",
-"traefik.tls.stores.Store1.defaultgeneratedcert.domain.sans": "foobar, foobar",
-"traefik.tls.stores.Store1.defaultgeneratedcert.resolver": "foobar",
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressroutes.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -22,14 +20,19 @@ spec:
        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -37,10 +40,11 @@ spec:
            description: IngressRouteSpec defines the desired state of IngressRoute.
            properties:
              entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                items:
                  type: string
                type: array
@@ -50,17 +54,21 @@ spec:
                  description: Route holds the HTTP route configuration.
                  properties:
                    kind:
-                      description: Kind defines the kind of the route. Rule is the
-                        only supported kind.
+                      description: |-
+                        Kind defines the kind of the route.
+                        Rule is the only supported kind.
                      enum:
                      - Rule
                      type: string
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      description: |-
+                        Match defines the router's rule.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule
                      type: string
                    middlewares:
-                      description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      description: |-
+                        Middlewares defines the list of references to Middleware resources.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware
                      items:
                        description: MiddlewareRef is a reference to a Middleware
                          resource.
@@ -78,13 +86,14 @@ spec:
                        type: object
                      type: array
                    priority:
-                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      description: |-
+                        Priority defines the router's priority.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority
                      type: integer
                    services:
-                      description: Services defines the list of Service. It can contain
-                        any combination of TraefikService and/or reference to a Kubernetes
-                        Service.
+                      description: |-
+                        Services defines the list of Service.
+                        It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
                      items:
                        description: Service defines an upstream HTTP service to proxy
                          traffic to.
@@ -96,31 +105,32 @@ spec:
                            - TraefikService
                            type: string
                          name:
-                            description: Name defines the name of the referenced Kubernetes
-                              Service or TraefikService. The differentiation between
-                              the two is specified in the Kind field.
+                            description: |-
+                              Name defines the name of the referenced Kubernetes Service or TraefikService.
+                              The differentiation between the two is specified in the Kind field.
                            type: string
                          namespace:
                            description: Namespace defines the namespace of the referenced
                              Kubernetes Service or TraefikService.
                            type: string
                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                            type: boolean
                          passHostHeader:
-                            description: PassHostHeader defines whether the client
-                              Host header is forwarded to the upstream Kubernetes
-                              Service. By default, passHostHeader is true.
+                            description: |-
+                              PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+                              By default, passHostHeader is true.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          responseForwarding:
@@ -129,30 +139,29 @@ spec:
                              the client.
                            properties:
                              flushInterval:
-                                description: 'FlushInterval defines the interval,
-                                  in milliseconds, in between flushes to the client
-                                  while copying the response body. A negative value
-                                  means to flush immediately after each write to the
-                                  client. This configuration is ignored when ReverseProxy
-                                  recognizes a response as a streaming response; for
-                                  such responses, writes are flushed to the client
-                                  immediately. Default: 100ms'
+                                description: |-
+                                  FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                  A negative value means to flush immediately after each write to the client.
+                                  This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                  for such responses, writes are flushed to the client immediately.
+                                  Default: 100ms
                                type: string
                            type: object
                          scheme:
-                            description: Scheme defines the scheme to use for the
-                              request to the upstream Kubernetes Service. It defaults
-                              to https when Kubernetes Service port is 443, http otherwise.
+                            description: |-
+                              Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                              It defaults to https when Kubernetes Service port is 443, http otherwise.
                            type: string
                          serversTransport:
-                            description: ServersTransport defines the name of ServersTransport
-                              resource to use. It allows to configure the transport
-                              between Traefik and your servers. Can only be used on
-                              a Kubernetes Service.
+                            description: |-
+                              ServersTransport defines the name of ServersTransport resource to use.
+                              It allows to configure the transport between Traefik and your servers.
+                              Can only be used on a Kubernetes Service.
                            type: string
                          sticky:
-                            description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            description: |-
+                              Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                            properties:
                              cookie:
                                description: Cookie defines the sticky cookie configuration.
@@ -166,8 +175,9 @@ spec:
                                    description: Name defines the Cookie name.
                                    type: string
                                  sameSite:
-                                    description: 'SameSite defines the same site policy.
-                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    description: |-
+                                      SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                    type: string
                                  secure:
                                    description: Secure defines whether the cookie
@@ -177,15 +187,14 @@ spec:
                                type: object
                            type: object
                          strategy:
-                            description: Strategy defines the load balancing strategy
-                              between the servers. RoundRobin is the only supported
-                              value at the moment.
+                            description: |-
+                              Strategy defines the load balancing strategy between the servers.
+                              RoundRobin is the only supported value at the moment.
                            type: string
                          weight:
-                            description: Weight defines the weight and should only
-                              be specified when Name references a TraefikService object
-                              (and to be precise, one that embeds a Weighted Round
-                              Robin).
+                            description: |-
+                              Weight defines the weight and should only be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round Robin).
                            type: integer
                        required:
                        - name
@@ -197,16 +206,20 @@ spec:
                  type: object
                type: array
              tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                description: |-
+                  TLS defines the TLS configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls
                properties:
                  certResolver:
-                    description: 'CertResolver defines the name of the certificate
-                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    description: |-
+                      CertResolver defines the name of the certificate resolver to use.
+                      Cert resolvers have to be configured in the static configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
                    type: string
                  domains:
-                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    description: |-
+                      Domains defines the list of domains that will be used to issue certificates.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
@@ -222,17 +235,20 @@ spec:
                      type: object
                    type: array
                  options:
-                    description: 'Options defines the reference to a TLSOption, that
-                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    description: |-
+                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+                      If not defined, the `default` TLSOption is used.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
                    properties:
                      name:
-                        description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        description: |-
+                          Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
                        type: string
                      namespace:
-                        description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        description: |-
+                          Namespace defines the namespace of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
                        type: string
                    required:
                    - name
@@ -242,17 +258,19 @@ spec:
                      Secret to specify the certificate details.
                    type: string
                  store:
-                    description: Store defines the reference to the TLSStore, that
-                      will be used to store certificates. Please note that only `default`
-                      TLSStore can be used.
+                    description: |-
+                      Store defines the reference to the TLSStore, that will be used to store certificates.
+                      Please note that only `default` TLSStore can be used.
                    properties:
                      name:
-                        description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        description: |-
+                          Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
                        type: string
                      namespace:
-                        description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        description: |-
+                          Namespace defines the namespace of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
                        type: string
                    required:
                    - name
@@ -267,9 +285,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressroutetcps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -22,14 +20,19 @@ spec:
        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -37,10 +40,11 @@ spec:
            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
            properties:
              entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                items:
                  type: string
                type: array
@@ -50,7 +54,9 @@ spec:
                  description: RouteTCP holds the TCP route configuration.
                  properties:
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      description: |-
+                        Match defines the router's rule.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1
                      type: string
                    middlewares:
                      description: Middlewares defines the list of references to MiddlewareTCP
@@ -72,8 +78,9 @@ spec:
                        type: object
                      type: array
                    priority:
-                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      description: |-
+                        Priority defines the router's priority.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1
                      type: integer
                    services:
                      description: Services defines the list of TCP services.
@@ -90,22 +97,24 @@ spec:
                              Kubernetes Service.
                            type: string
                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          proxyProtocol:
-                            description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            description: |-
+                              ProxyProtocol defines the PROXY protocol configuration.
+                              More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol
                            properties:
                              version:
                                description: Version defines the PROXY Protocol version
@@ -113,13 +122,12 @@ spec:
                                type: integer
                            type: object
                          terminationDelay:
-                            description: TerminationDelay defines the deadline that
-                              the proxy sets, after one of its connected peers indicates
-                              it has closed the writing capability of its connection,
-                              to close the reading capability as well, hence fully
-                              terminating the connection. It is a duration in milliseconds,
-                              defaulting to 100. A negative value means an infinite
-                              deadline (i.e. the reading capability is never closed).
+                            description: |-
+                              TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection, to close the reading capability as well,
+                              hence fully terminating the connection.
+                              It is a duration in milliseconds, defaulting to 100.
+                              A negative value means an infinite deadline (i.e. the reading capability is never closed).
                            type: integer
                          weight:
                            description: Weight defines the weight used when balancing
@@ -135,17 +143,20 @@ spec:
                  type: object
                type: array
              tls:
-                description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                description: |-
+                  TLS defines the TLS configuration on a layer 4 / TCP Route.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1
                properties:
                  certResolver:
-                    description: 'CertResolver defines the name of the certificate
-                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    description: |-
+                      CertResolver defines the name of the certificate resolver to use.
+                      Cert resolvers have to be configured in the static configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
                    type: string
                  domains:
-                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    description: |-
+                      Domains defines the list of domains that will be used to issue certificates.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
@@ -161,9 +172,10 @@ spec:
                      type: object
                    type: array
                  options:
-                    description: 'Options defines the reference to a TLSOption, that
-                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    description: |-
+                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+                      If not defined, the `default` TLSOption is used.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
@@ -185,9 +197,9 @@ spec:
                      Secret to specify the certificate details.
                    type: string
                  store:
-                    description: Store defines the reference to the TLSStore, that
-                      will be used to store certificates. Please note that only `default`
-                      TLSStore can be used.
+                    description: |-
+                      Store defines the reference to the TLSStore, that will be used to store certificates.
+                      Please note that only `default` TLSStore can be used.
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
@@ -210,9 +222,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressrouteudps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -22,14 +20,19 @@ spec:
        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -37,10 +40,11 @@ spec:
            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
            properties:
              entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                items:
                  type: string
                type: array
@@ -64,17 +68,18 @@ spec:
                              Kubernetes Service.
                            type: string
                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          weight:
@@ -97,9 +102,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: middlewares.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -19,18 +17,24 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+        description: |-
+          Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -38,33 +42,37 @@ spec:
            description: MiddlewareSpec defines the desired state of a Middleware.
            properties:
              addPrefix:
-                description: 'AddPrefix holds the add prefix middleware configuration.
-                  This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                description: |-
+                  AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding it.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
                properties:
                  prefix:
-                    description: Prefix is the string to add before the current path
-                      in the requested URL. It should include a leading slash (/).
+                    description: |-
+                      Prefix is the string to add before the current path in the requested URL.
+                      It should include a leading slash (/).
                    type: string
                type: object
              basicAuth:
-                description: 'BasicAuth holds the basic auth middleware configuration.
+                description: |-
+                  BasicAuth holds the basic auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
                properties:
                  headerField:
-                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    description: |-
+                      HeaderField defines a header field to store the authenticated user.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
                    type: string
                  realm:
-                    description: 'Realm allows the protected resources on a server
-                      to be partitioned into a set of protection spaces, each with
-                      its own authentication scheme. Default: traefik.'
+                    description: |-
+                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+                      Default: traefik.
                    type: string
                  removeHeader:
-                    description: 'RemoveHeader sets the removeHeader option to true
-                      to remove the authorization header before forwarding the request
-                      to your service. Default: false.'
+                    description: |-
+                      RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
+                      Default: false.
                    type: boolean
                  secret:
                    description: Secret is the name of the referenced Kubernetes Secret
@@ -72,48 +80,49 @@ spec:
                    type: string
                type: object
              buffering:
-                description: 'Buffering holds the buffering middleware configuration.
-                  This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                description: |-
+                  Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can be forwarded to backends.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
                properties:
                  maxRequestBodyBytes:
-                    description: 'MaxRequestBodyBytes defines the maximum allowed
-                      body size for the request (in bytes). If the request exceeds
-                      the allowed size, it is not forwarded to the service, and the
-                      client gets a 413 (Request Entity Too Large) response. Default:
-                      0 (no maximum).'
+                    description: |-
+                      MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
+                      If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
+                      Default: 0 (no maximum).
                    format: int64
                    type: integer
                  maxResponseBodyBytes:
-                    description: 'MaxResponseBodyBytes defines the maximum allowed
-                      response size from the service (in bytes). If the response exceeds
-                      the allowed size, it is not forwarded to the client. The client
-                      gets a 500 (Internal Server Error) response instead. Default:
-                      0 (no maximum).'
+                    description: |-
+                      MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
+                      If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
+                      Default: 0 (no maximum).
                    format: int64
                    type: integer
                  memRequestBodyBytes:
-                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
-                      from which the request will be buffered on disk instead of in
-                      memory. Default: 1048576 (1Mi).'
+                    description: |-
+                      MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
+                      Default: 1048576 (1Mi).
                    format: int64
                    type: integer
                  memResponseBodyBytes:
-                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
-                      from which the response will be buffered on disk instead of
-                      in memory. Default: 1048576 (1Mi).'
+                    description: |-
+                      MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
+                      Default: 1048576 (1Mi).
                    format: int64
                    type: integer
                  retryExpression:
-                    description: 'RetryExpression defines the retry conditions. It
-                      is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                    description: |-
+                      RetryExpression defines the retry conditions.
+                      It is a logical combination of functions with operators AND (&&) and OR (||).
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
                    type: string
                type: object
              chain:
-                description: 'Chain holds the configuration of the chain middleware.
-                  This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                description: |-
+                  Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other pieces of middleware.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
                properties:
                  middlewares:
                    description: Middlewares is the list of MiddlewareRef which composes
@@ -165,9 +174,10 @@ spec:
                    x-kubernetes-int-or-string: true
                type: object
              compress:
-                description: 'Compress holds the compress middleware configuration.
-                  This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                description: |-
+                  Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the client, using gzip compression.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
                properties:
                  excludedContentTypes:
                    description: ExcludedContentTypes defines the list of content
@@ -177,40 +187,40 @@ spec:
                      type: string
                    type: array
                  minResponseBodyBytes:
-                    description: 'MinResponseBodyBytes defines the minimum amount
-                      of bytes a response body must have to be compressed. Default:
-                      1024.'
+                    description: |-
+                      MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
+                      Default: 1024.
                    type: integer
                type: object
              contentType:
-                description: ContentType holds the content-type middleware configuration.
-                  This middleware exists to enable the correct behavior until at least
-                  the default one can be changed in a future version.
+                description: |-
+                  ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
                properties:
                  autoDetect:
-                    description: AutoDetect specifies whether to let the `Content-Type`
-                      header, if it has not been set by the backend, be automatically
-                      set to a value derived from the contents of the response. As
-                      a proxy, the default behavior should be to leave the header
-                      alone, regardless of what the backend did with it. However,
-                      the historic default was to always auto-detect and set the header
-                      if it was nil, and it is going to be kept that way in order
-                      to support users currently relying on it.
+                    description: |-
+                      AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
+                      be automatically set to a value derived from the contents of the response.
+                      As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
+                      However, the historic default was to always auto-detect and set the header if it was nil,
+                      and it is going to be kept that way in order to support users currently relying on it.
                    type: boolean
                type: object
              digestAuth:
-                description: 'DigestAuth holds the digest auth middleware configuration.
+                description: |-
+                  DigestAuth holds the digest auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
                properties:
                  headerField:
-                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    description: |-
+                      HeaderField defines a header field to store the authenticated user.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
                    type: string
                  realm:
-                    description: 'Realm allows the protected resources on a server
-                      to be partitioned into a set of protection spaces, each with
-                      its own authentication scheme. Default: traefik.'
+                    description: |-
+                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+                      Default: traefik.
                    type: string
                  removeHeader:
                    description: RemoveHeader defines whether to remove the authorization
@@ -222,18 +232,20 @@ spec:
                    type: string
                type: object
              errors:
-                description: 'ErrorPage holds the custom error middleware configuration.
-                  This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                description: |-
+                  ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
                properties:
                  query:
-                    description: Query defines the URL for the error page (hosted
-                      by service). The {status} variable can be used in order to insert
-                      the status code in the URL.
+                    description: |-
+                      Query defines the URL for the error page (hosted by service).
+                      The {status} variable can be used in order to insert the status code in the URL.
                    type: string
                  service:
-                    description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                    description: |-
+                      Service defines the reference to a Kubernetes Service that will serve the error page.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
                    properties:
                      kind:
                        description: Kind defines the kind of the Service.
@@ -242,31 +254,32 @@ spec:
                        - TraefikService
                        type: string
                      name:
-                        description: Name defines the name of the referenced Kubernetes
-                          Service or TraefikService. The differentiation between the
-                          two is specified in the Kind field.
+                        description: |-
+                          Name defines the name of the referenced Kubernetes Service or TraefikService.
+                          The differentiation between the two is specified in the Kind field.
                        type: string
                      namespace:
                        description: Namespace defines the namespace of the referenced
                          Kubernetes Service or TraefikService.
                        type: string
                      nativeLB:
-                        description: NativeLB controls, when creating the load-balancer,
-                          whether the LB's children are directly the pods IPs or if
-                          the only child is the Kubernetes Service clusterIP. The
-                          Kubernetes Service itself does load-balance to the pods.
+                        description: |-
+                          NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                          The Kubernetes Service itself does load-balance to the pods.
                          By default, NativeLB is false.
                        type: boolean
                      passHostHeader:
-                        description: PassHostHeader defines whether the client Host
-                          header is forwarded to the upstream Kubernetes Service.
+                        description: |-
+                          PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                          By default, passHostHeader is true.
                        type: boolean
                      port:
                        anyOf:
                        - type: integer
                        - type: string
-                        description: Port defines the port of a Kubernetes Service.
+                        description: |-
+                          Port defines the port of a Kubernetes Service.
                          This can be a reference to a named port.
                        x-kubernetes-int-or-string: true
                      responseForwarding:
@@ -275,29 +288,29 @@ spec:
                          client.
                        properties:
                          flushInterval:
-                            description: 'FlushInterval defines the interval, in milliseconds,
-                              in between flushes to the client while copying the response
-                              body. A negative value means to flush immediately after
-                              each write to the client. This configuration is ignored
-                              when ReverseProxy recognizes a response as a streaming
-                              response; for such responses, writes are flushed to
-                              the client immediately. Default: 100ms'
+                            description: |-
+                              FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                              A negative value means to flush immediately after each write to the client.
+                              This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                              for such responses, writes are flushed to the client immediately.
+                              Default: 100ms
                            type: string
                        type: object
                      scheme:
-                        description: Scheme defines the scheme to use for the request
-                          to the upstream Kubernetes Service. It defaults to https
-                          when Kubernetes Service port is 443, http otherwise.
+                        description: |-
+                          Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                          It defaults to https when Kubernetes Service port is 443, http otherwise.
                        type: string
                      serversTransport:
-                        description: ServersTransport defines the name of ServersTransport
-                          resource to use. It allows to configure the transport between
-                          Traefik and your servers. Can only be used on a Kubernetes
-                          Service.
+                        description: |-
+                          ServersTransport defines the name of ServersTransport resource to use.
+                          It allows to configure the transport between Traefik and your servers.
+                          Can only be used on a Kubernetes Service.
                        type: string
                      sticky:
-                        description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                        description: |-
+                          Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                        properties:
                          cookie:
                            description: Cookie defines the sticky cookie configuration.
@@ -310,8 +323,9 @@ spec:
                                description: Name defines the Cookie name.
                                type: string
                              sameSite:
-                                description: 'SameSite defines the same site policy.
-                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                description: |-
+                                  SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                type: string
                              secure:
                                description: Secure defines whether the cookie can
@@ -321,40 +335,42 @@ spec:
                            type: object
                        type: object
                      strategy:
-                        description: Strategy defines the load balancing strategy
-                          between the servers. RoundRobin is the only supported value
-                          at the moment.
+                        description: |-
+                          Strategy defines the load balancing strategy between the servers.
+                          RoundRobin is the only supported value at the moment.
                        type: string
                      weight:
-                        description: Weight defines the weight and should only be
-                          specified when Name references a TraefikService object (and
-                          to be precise, one that embeds a Weighted Round Robin).
+                        description: |-
+                          Weight defines the weight and should only be specified when Name references a TraefikService object
+                          (and to be precise, one that embeds a Weighted Round Robin).
                        type: integer
                    required:
                    - name
                    type: object
                  status:
-                    description: Status defines which status or range of statuses
-                      should result in an error page. It can be either a status code
-                      as a number (500), as multiple comma-separated numbers (500,502),
-                      as ranges by separating two codes with a dash (500-599), or
-                      a combination of the two (404,418,500-599).
+                    description: |-
+                      Status defines which status or range of statuses should result in an error page.
+                      It can be either a status code as a number (500),
+                      as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599),
+                      or a combination of the two (404,418,500-599).
                    items:
                      type: string
                    type: array
                type: object
              forwardAuth:
-                description: 'ForwardAuth holds the forward auth middleware configuration.
+                description: |-
+                  ForwardAuth holds the forward auth middleware configuration.
                  This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
                properties:
                  address:
                    description: Address defines the authentication server address.
                    type: string
                  authRequestHeaders:
-                    description: AuthRequestHeaders defines the list of the headers
-                      to copy from the request to the authentication server. If not
-                      set or empty then all request headers are passed.
+                    description: |-
+                      AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
+                      If not set or empty then all request headers are passed.
                    items:
                      type: string
                    type: array
@@ -366,10 +382,9 @@ spec:
                      type: string
                    type: array
                  authResponseHeadersRegex:
-                    description: 'AuthResponseHeadersRegex defines the regex to match
-                      headers to copy from the authentication server response and
-                      set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                    description: |-
+                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
                    type: string
                  tls:
                    description: TLS defines the configuration used to secure the
@@ -378,14 +393,14 @@ spec:
                      caOptional:
                        type: boolean
                      caSecret:
-                        description: CASecret is the name of the referenced Kubernetes
-                          Secret containing the CA to validate the server certificate.
+                        description: |-
+                          CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
                        type: string
                      certSecret:
-                        description: CertSecret is the name of the referenced Kubernetes
-                          Secret containing the client certificate. The client certificate
-                          is extracted from the keys `tls.crt` and `tls.key`.
+                        description: |-
+                          CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
+                          The client certificate is extracted from the keys `tls.crt` and `tls.key`.
                        type: string
                      insecureSkipVerify:
                        description: InsecureSkipVerify defines whether the server
@@ -398,9 +413,10 @@ spec:
                    type: boolean
                type: object
              headers:
-                description: 'Headers holds the headers middleware configuration.
-                  This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                description: |-
+                  Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
                properties:
                  accessControlAllowCredentials:
                    description: AccessControlAllowCredentials defines whether the
@@ -465,12 +481,14 @@ spec:
                      header with the nosniff value.
                    type: boolean
                  customBrowserXSSValue:
-                    description: CustomBrowserXSSValue defines the X-XSS-Protection
-                      header value. This overrides the BrowserXssFilter option.
+                    description: |-
+                      CustomBrowserXSSValue defines the X-XSS-Protection header value.
+                      This overrides the BrowserXssFilter option.
                    type: string
                  customFrameOptionsValue:
-                    description: CustomFrameOptionsValue defines the X-Frame-Options
-                      header value. This overrides the FrameDeny option.
+                    description: |-
+                      CustomFrameOptionsValue defines the X-Frame-Options header value.
+                      This overrides the FrameDeny option.
                    type: string
                  customRequestHeaders:
                    additionalProperties:
@@ -502,25 +520,25 @@ spec:
                      type: string
                    type: array
                  isDevelopment:
-                    description: IsDevelopment defines whether to mitigate the unwanted
-                      effects of the AllowedHosts, SSL, and STS options when developing.
-                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
-                      not your production domain. If you would like your development
-                      environment to mimic production with complete Host blocking,
-                      SSL redirects, and STS headers, leave this as false.
+                    description: |-
+                      IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
+                      If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
+                      and STS headers, leave this as false.
                    type: boolean
                  permissionsPolicy:
-                    description: PermissionsPolicy defines the Permissions-Policy
-                      header value. This allows sites to control browser features.
+                    description: |-
+                      PermissionsPolicy defines the Permissions-Policy header value.
+                      This allows sites to control browser features.
                    type: string
                  publicKey:
                    description: PublicKey is the public key that implements HPKP
                      to prevent MITM attacks with forged certificates.
                    type: string
                  referrerPolicy:
-                    description: ReferrerPolicy defines the Referrer-Policy header
-                      value. This allows sites to control whether browsers forward
-                      the Referer header to other sites.
+                    description: |-
+                      ReferrerPolicy defines the Referrer-Policy header value.
+                      This allows sites to control whether browsers forward the Referer header to other sites.
                    type: string
                  sslForceHost:
                    description: 'Deprecated: use RedirectRegex instead.'
@@ -531,10 +549,9 @@ spec:
                  sslProxyHeaders:
                    additionalProperties:
                      type: string
-                    description: 'SSLProxyHeaders defines the header keys with associated
-                      values that would indicate a valid HTTPS request. It can be
-                      useful when using other proxies (example: "X-Forwarded-Proto":
-                      "https").'
+                    description: |-
+                      SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
+                      It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
                    type: object
                  sslRedirect:
                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@@ -553,33 +570,35 @@ spec:
                      to the Strict-Transport-Security header.
                    type: boolean
                  stsSeconds:
-                    description: STSSeconds defines the max-age of the Strict-Transport-Security
-                      header. If set to 0, the header is not set.
+                    description: |-
+                      STSSeconds defines the max-age of the Strict-Transport-Security header.
+                      If set to 0, the header is not set.
                    format: int64
                    type: integer
                type: object
              inFlightReq:
-                description: 'InFlightReq holds the in-flight request middleware configuration.
-                  This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                description: |-
+                  InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and served concurrently.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
                properties:
                  amount:
-                    description: Amount defines the maximum amount of allowed simultaneous
-                      in-flight request. The middleware responds with HTTP 429 Too
-                      Many Requests if there are already amount requests in progress
-                      (based on the same sourceCriterion strategy).
+                    description: |-
+                      Amount defines the maximum amount of allowed simultaneous in-flight request.
+                      The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
                    format: int64
                    type: integer
                  sourceCriterion:
-                    description: 'SourceCriterion defines what criterion is used to
-                      group requests as originating from a common source. If several
-                      strategies are defined at the same time, an error will be raised.
-                      If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                    description: |-
+                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
+                      If several strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
                    properties:
                      ipStrategy:
-                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        description: |-
+                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -604,14 +623,16 @@ spec:
                        type: boolean
                    type: object
                type: object
-              ipWhiteList:
-                description: 'IPWhiteList holds the IP whitelist middleware configuration.
-                  This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+              ipAllowList:
+                description: |-
+                  IPAllowList holds the IP allowlist middleware configuration.
+                  This middleware limits allowed requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
                properties:
                  ipStrategy:
-                    description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                    description: |-
+                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                    properties:
                      depth:
                        description: Depth tells Traefik to use the X-Forwarded-For
@@ -632,10 +653,42 @@ spec:
                      type: string
                    type: array
                type: object
+              ipWhiteList:
+                description: |-
+                  IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware limits allowed requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+                  Deprecated: please use IPAllowList instead.
+                properties:
+                  ipStrategy:
+                    description: |-
+                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation). Required.
+                    items:
+                      type: string
+                    type: array
+                type: object
              passTLSClientCert:
-                description: 'PassTLSClientCert holds the pass TLS client cert middleware
-                  configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                description: |-
+                  PassTLSClientCert holds the pass TLS client cert middleware configuration.
+                  This middleware adds the selected data from the passed client TLS certificate to a header.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
                properties:
                  info:
                    description: Info selects the specific client certificate details
@@ -736,46 +789,48 @@ spec:
              plugin:
                additionalProperties:
                  x-kubernetes-preserve-unknown-fields: true
-                description: 'Plugin defines the middleware plugin configuration.
-                  More info: https://doc.traefik.io/traefik/plugins/'
+                description: |-
+                  Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/
                type: object
              rateLimit:
-                description: 'RateLimit holds the rate limit configuration. This middleware
-                  ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                description: |-
+                  RateLimit holds the rate limit configuration.
+                  This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
                properties:
                  average:
-                    description: Average is the maximum rate, by default in requests/s,
-                      allowed for the given source. It defaults to 0, which means
-                      no rate limiting. The rate is actually defined by dividing Average
-                      by Period. So for a rate below 1req/s, one needs to define a
-                      Period larger than a second.
+                    description: |-
+                      Average is the maximum rate, by default in requests/s, allowed for the given source.
+                      It defaults to 0, which means no rate limiting.
+                      The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
+                      one needs to define a Period larger than a second.
                    format: int64
                    type: integer
                  burst:
-                    description: Burst is the maximum number of requests allowed to
-                      arrive in the same arbitrarily small period of time. It defaults
-                      to 1.
+                    description: |-
+                      Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
+                      It defaults to 1.
                    format: int64
                    type: integer
                  period:
                    anyOf:
                    - type: integer
                    - type: string
-                    description: 'Period, in combination with Average, defines the
-                      actual maximum rate, such as: r = Average / Period. It defaults
-                      to a second.'
+                    description: |-
+                      Period, in combination with Average, defines the actual maximum rate, such as:
+                      r = Average / Period. It defaults to a second.
                    x-kubernetes-int-or-string: true
                  sourceCriterion:
-                    description: SourceCriterion defines what criterion is used to
-                      group requests as originating from a common source. If several
-                      strategies are defined at the same time, an error will be raised.
-                      If none are set, the default is to use the request's remote
-                      address field (as an ipStrategy).
+                    description: |-
+                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
+                      If several strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote address field (as an ipStrategy).
                    properties:
                      ipStrategy:
-                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        description: |-
+                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -801,9 +856,10 @@ spec:
                    type: object
                type: object
              redirectRegex:
-                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                description: |-
+                  RedirectRegex holds the redirect regex middleware configuration.
                  This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -819,9 +875,10 @@ spec:
                    type: string
                type: object
              redirectScheme:
-                description: 'RedirectScheme holds the redirect scheme middleware
-                  configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                description: |-
+                  RedirectScheme holds the redirect scheme middleware configuration.
+                  This middleware redirects requests from a scheme/port to another.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -835,9 +892,10 @@ spec:
                    type: string
                type: object
              replacePath:
-                description: 'ReplacePath holds the replace path middleware configuration.
-                  This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                description: |-
+                  ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
                properties:
                  path:
                    description: Path defines the path to use as replacement in the
@@ -845,9 +903,10 @@ spec:
                    type: string
                type: object
              replacePathRegex:
-                description: 'ReplacePathRegex holds the replace path regex middleware
-                  configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                description: |-
+                  ReplacePathRegex holds the replace path regex middleware configuration.
+                  This middleware replaces the path of a URL using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
                properties:
                  regex:
                    description: Regex defines the regular expression used to match
@@ -859,11 +918,11 @@ spec:
                    type: string
                type: object
              retry:
-                description: 'Retry holds the retry middleware configuration. This
-                  middleware reissues requests a given number of times to a backend
-                  server if that server does not reply. As soon as the server answers,
-                  the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                description: |-
+                  Retry holds the retry middleware configuration.
+                  This middleware reissues requests a given number of times to a backend server if that server does not reply.
+                  As soon as the server answers, the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
                properties:
                  attempts:
                    description: Attempts defines how many times the request should
@@ -873,22 +932,24 @@ spec:
                    anyOf:
                    - type: integer
                    - type: string
-                    description: InitialInterval defines the first wait time in the
-                      exponential backoff series. The maximum interval is calculated
-                      as twice the initialInterval. If unspecified, requests will
-                      be retried immediately. The value of initialInterval should
-                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    description: |-
+                      InitialInterval defines the first wait time in the exponential backoff series.
+                      The maximum interval is calculated as twice the initialInterval.
+                      If unspecified, requests will be retried immediately.
+                      The value of initialInterval should be provided in seconds or as a valid duration format,
+                      see https://pkg.go.dev/time#ParseDuration.
                    x-kubernetes-int-or-string: true
                type: object
              stripPrefix:
-                description: 'StripPrefix holds the strip prefix middleware configuration.
+                description: |-
+                  StripPrefix holds the strip prefix middleware configuration.
                  This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
                properties:
                  forceSlash:
-                    description: 'ForceSlash ensures that the resulting stripped path
-                      is not the empty string, by replacing it with / when necessary.
-                      Default: true.'
+                    description: |-
+                      ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
+                      Default: true.
                    type: boolean
                  prefixes:
                    description: Prefixes defines the prefixes to strip from the request
@@ -898,9 +959,10 @@ spec:
                    type: array
                type: object
              stripPrefixRegex:
-                description: 'StripPrefixRegex holds the strip prefix regex middleware
-                  configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                description: |-
+                  StripPrefixRegex holds the strip prefix regex middleware configuration.
+                  This middleware removes the matching prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
                properties:
                  regex:
                    description: Regex defines the regular expression to match the
@@ -916,9 +978,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: middlewaretcps.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -19,18 +17,24 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+        description: |-
+          MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -41,14 +45,31 @@ spec:
                description: InFlightConn defines the InFlightConn middleware configuration.
                properties:
                  amount:
-                    description: Amount defines the maximum amount of allowed simultaneous
-                      connections. The middleware closes the connection if there are
-                      already amount connections opened.
+                    description: |-
+                      Amount defines the maximum amount of allowed simultaneous connections.
+                      The middleware closes the connection if there are already amount connections opened.
                    format: int64
                    type: integer
                type: object
+              ipAllowList:
+                description: |-
+                  IPAllowList defines the IPAllowList middleware configuration.
+                  This middleware accepts/refuses connections based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
              ipWhiteList:
-                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                description: |-
+                  IPWhiteList defines the IPWhiteList middleware configuration.
+                  This middleware accepts/refuses connections based on the client IP.
+                  Deprecated: please use IPAllowList instead.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -64,9 +85,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: serverstransports.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -19,20 +17,26 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+        description: |-
+          ServersTransport is the CRD implementation of a ServersTransport.
          If no serversTransport is specified, the default@internal will be used.
          The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -120,9 +124,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: tlsoptions.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -19,19 +17,24 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
-          allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+        description: |-
+          TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
+          More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -39,15 +42,16 @@ spec:
            description: TLSOptionSpec defines the desired state of a TLSOption.
            properties:
              alpnProtocols:
-                description: 'ALPNProtocols defines the list of supported application
-                  level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                description: |-
+                  ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
                items:
                  type: string
                type: array
              cipherSuites:
-                description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                description: |-
+                  CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
                items:
                  type: string
                type: array
@@ -73,26 +77,29 @@ spec:
                    type: array
                type: object
              curvePreferences:
-                description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                description: |-
+                  CurvePreferences defines the preferred elliptic curves in a specific order.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
                items:
                  type: string
                type: array
              maxVersion:
-                description: 'MaxVersion defines the maximum TLS version that Traefik
-                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
-                  VersionTLS13. Default: None.'
+                description: |-
+                  MaxVersion defines the maximum TLS version that Traefik will accept.
+                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+                  Default: None.
                type: string
              minVersion:
-                description: 'MinVersion defines the minimum TLS version that Traefik
-                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
-                  VersionTLS13. Default: VersionTLS10.'
+                description: |-
+                  MinVersion defines the minimum TLS version that Traefik will accept.
+                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+                  Default: VersionTLS10.
                type: string
              preferServerCipherSuites:
-                description: 'PreferServerCipherSuites defines whether the server
-                  chooses a cipher suite among his own instead of among the client''s.
+                description: |-
+                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
-                  Deprecated: https://github.com/golang/go/issues/45430'
+                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
                description: SniStrict defines whether Traefik allows connections
@@ -105,9 +112,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: tlsstores.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -19,20 +17,26 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
-          the time being, only the TLSStore named default is supported. This means
-          that you cannot have two stores that are named default in different Kubernetes
-          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+        description: |-
+          TLSStore is the CRD implementation of a Traefik TLS Store.
+          For the time being, only the TLSStore named default is supported.
+          This means that you cannot have two stores that are named default in different Kubernetes namespaces.
+          More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -91,9 +95,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: traefikservices.traefik.containo.us
 spec:
  group: traefik.containo.us
@@ -19,19 +17,27 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'TraefikService is the CRD implementation of a Traefik Service.
-          TraefikService object allows to: - Apply weight to Services on load-balancing
-          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+        description: |-
+          TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to:
+          - Apply weight to Services on load-balancing
+          - Mirror traffic on services
+          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -48,10 +54,10 @@ spec:
                    - TraefikService
                    type: string
                  maxBodySize:
-                    description: MaxBodySize defines the maximum size allowed for
-                      the body of the request. If the body is larger, the request
-                      is not mirrored. Default value is -1, which means unlimited
-                      size.
+                    description: |-
+                      MaxBodySize defines the maximum size allowed for the body of the request.
+                      If the body is larger, the request is not mirrored.
+                      Default value is -1, which means unlimited size.
                    format: int64
                    type: integer
                  mirrors:
@@ -67,35 +73,37 @@ spec:
                          - TraefikService
                          type: string
                        name:
-                          description: Name defines the name of the referenced Kubernetes
-                            Service or TraefikService. The differentiation between
-                            the two is specified in the Kind field.
+                          description: |-
+                            Name defines the name of the referenced Kubernetes Service or TraefikService.
+                            The differentiation between the two is specified in the Kind field.
                          type: string
                        namespace:
                          description: Namespace defines the namespace of the referenced
                            Kubernetes Service or TraefikService.
                          type: string
                        nativeLB:
-                          description: NativeLB controls, when creating the load-balancer,
-                            whether the LB's children are directly the pods IPs or
-                            if the only child is the Kubernetes Service clusterIP.
-                            The Kubernetes Service itself does load-balance to the
-                            pods. By default, NativeLB is false.
+                          description: |-
+                            NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the pods.
+                            By default, NativeLB is false.
                          type: boolean
                        passHostHeader:
-                          description: PassHostHeader defines whether the client Host
-                            header is forwarded to the upstream Kubernetes Service.
+                          description: |-
+                            PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                            By default, passHostHeader is true.
                          type: boolean
                        percent:
-                          description: 'Percent defines the part of the traffic to
-                            mirror. Supported values: 0 to 100.'
+                          description: |-
+                            Percent defines the part of the traffic to mirror.
+                            Supported values: 0 to 100.
                          type: integer
                        port:
                          anyOf:
                          - type: integer
                          - type: string
-                          description: Port defines the port of a Kubernetes Service.
+                          description: |-
+                            Port defines the port of a Kubernetes Service.
                            This can be a reference to a named port.
                          x-kubernetes-int-or-string: true
                        responseForwarding:
@@ -104,30 +112,29 @@ spec:
                            client.
                          properties:
                            flushInterval:
-                              description: 'FlushInterval defines the interval, in
-                                milliseconds, in between flushes to the client while
-                                copying the response body. A negative value means
-                                to flush immediately after each write to the client.
-                                This configuration is ignored when ReverseProxy recognizes
-                                a response as a streaming response; for such responses,
-                                writes are flushed to the client immediately. Default:
-                                100ms'
+                              description: |-
+                                FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                A negative value means to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                for such responses, writes are flushed to the client immediately.
+                                Default: 100ms
                              type: string
                          type: object
                        scheme:
-                          description: Scheme defines the scheme to use for the request
-                            to the upstream Kubernetes Service. It defaults to https
-                            when Kubernetes Service port is 443, http otherwise.
+                          description: |-
+                            Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                            It defaults to https when Kubernetes Service port is 443, http otherwise.
                          type: string
                        serversTransport:
-                          description: ServersTransport defines the name of ServersTransport
-                            resource to use. It allows to configure the transport
-                            between Traefik and your servers. Can only be used on
-                            a Kubernetes Service.
+                          description: |-
+                            ServersTransport defines the name of ServersTransport resource to use.
+                            It allows to configure the transport between Traefik and your servers.
+                            Can only be used on a Kubernetes Service.
                          type: string
                        sticky:
-                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          description: |-
+                            Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -140,8 +147,9 @@ spec:
                                  description: Name defines the Cookie name.
                                  type: string
                                sameSite:
-                                  description: 'SameSite defines the same site policy.
-                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  description: |-
+                                    SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                  type: string
                                secure:
                                  description: Secure defines whether the cookie can
@@ -151,13 +159,13 @@ spec:
                              type: object
                          type: object
                        strategy:
-                          description: Strategy defines the load balancing strategy
-                            between the servers. RoundRobin is the only supported
-                            value at the moment.
+                          description: |-
+                            Strategy defines the load balancing strategy between the servers.
+                            RoundRobin is the only supported value at the moment.
                          type: string
                        weight:
-                          description: Weight defines the weight and should only be
-                            specified when Name references a TraefikService object
+                          description: |-
+                            Weight defines the weight and should only be specified when Name references a TraefikService object
                            (and to be precise, one that embeds a Weighted Round Robin).
                          type: integer
                      required:
@@ -165,60 +173,62 @@ spec:
                      type: object
                    type: array
                  name:
-                    description: Name defines the name of the referenced Kubernetes
-                      Service or TraefikService. The differentiation between the two
-                      is specified in the Kind field.
+                    description: |-
+                      Name defines the name of the referenced Kubernetes Service or TraefikService.
+                      The differentiation between the two is specified in the Kind field.
                    type: string
                  namespace:
                    description: Namespace defines the namespace of the referenced
                      Kubernetes Service or TraefikService.
                    type: string
                  nativeLB:
-                    description: NativeLB controls, when creating the load-balancer,
-                      whether the LB's children are directly the pods IPs or if the
-                      only child is the Kubernetes Service clusterIP. The Kubernetes
-                      Service itself does load-balance to the pods. By default, NativeLB
-                      is false.
+                    description: |-
+                      NativeLB controls, when creating the load-balancer,
+                      whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                      The Kubernetes Service itself does load-balance to the pods.
+                      By default, NativeLB is false.
                    type: boolean
                  passHostHeader:
-                    description: PassHostHeader defines whether the client Host header
-                      is forwarded to the upstream Kubernetes Service. By default,
-                      passHostHeader is true.
+                    description: |-
+                      PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+                      By default, passHostHeader is true.
                    type: boolean
                  port:
                    anyOf:
                    - type: integer
                    - type: string
-                    description: Port defines the port of a Kubernetes Service. This
-                      can be a reference to a named port.
+                    description: |-
+                      Port defines the port of a Kubernetes Service.
+                      This can be a reference to a named port.
                    x-kubernetes-int-or-string: true
                  responseForwarding:
                    description: ResponseForwarding defines how Traefik forwards the
                      response from the upstream Kubernetes Service to the client.
                    properties:
                      flushInterval:
-                        description: 'FlushInterval defines the interval, in milliseconds,
-                          in between flushes to the client while copying the response
-                          body. A negative value means to flush immediately after
-                          each write to the client. This configuration is ignored
-                          when ReverseProxy recognizes a response as a streaming response;
+                        description: |-
+                          FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                          A negative value means to flush immediately after each write to the client.
+                          This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
                          for such responses, writes are flushed to the client immediately.
-                          Default: 100ms'
+                          Default: 100ms
                        type: string
                    type: object
                  scheme:
-                    description: Scheme defines the scheme to use for the request
-                      to the upstream Kubernetes Service. It defaults to https when
-                      Kubernetes Service port is 443, http otherwise.
+                    description: |-
+                      Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                      It defaults to https when Kubernetes Service port is 443, http otherwise.
                    type: string
                  serversTransport:
-                    description: ServersTransport defines the name of ServersTransport
-                      resource to use. It allows to configure the transport between
-                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    description: |-
+                      ServersTransport defines the name of ServersTransport resource to use.
+                      It allows to configure the transport between Traefik and your servers.
+                      Can only be used on a Kubernetes Service.
                    type: string
                  sticky:
-                    description: 'Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                    description: |-
+                      Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
@@ -231,8 +241,9 @@ spec:
                            description: Name defines the Cookie name.
                            type: string
                          sameSite:
-                            description: 'SameSite defines the same site policy. More
-                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            description: |-
+                              SameSite defines the same site policy.
+                              More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                            type: string
                          secure:
                            description: Secure defines whether the cookie can only
@@ -241,13 +252,14 @@ spec:
                        type: object
                    type: object
                  strategy:
-                    description: Strategy defines the load balancing strategy between
-                      the servers. RoundRobin is the only supported value at the moment.
+                    description: |-
+                      Strategy defines the load balancing strategy between the servers.
+                      RoundRobin is the only supported value at the moment.
                    type: string
                  weight:
-                    description: Weight defines the weight and should only be specified
-                      when Name references a TraefikService object (and to be precise,
-                      one that embeds a Weighted Round Robin).
+                    description: |-
+                      Weight defines the weight and should only be specified when Name references a TraefikService object
+                      (and to be precise, one that embeds a Weighted Round Robin).
                    type: integer
                required:
                - name
@@ -269,31 +281,32 @@ spec:
                          - TraefikService
                          type: string
                        name:
-                          description: Name defines the name of the referenced Kubernetes
-                            Service or TraefikService. The differentiation between
-                            the two is specified in the Kind field.
+                          description: |-
+                            Name defines the name of the referenced Kubernetes Service or TraefikService.
+                            The differentiation between the two is specified in the Kind field.
                          type: string
                        namespace:
                          description: Namespace defines the namespace of the referenced
                            Kubernetes Service or TraefikService.
                          type: string
                        nativeLB:
-                          description: NativeLB controls, when creating the load-balancer,
-                            whether the LB's children are directly the pods IPs or
-                            if the only child is the Kubernetes Service clusterIP.
-                            The Kubernetes Service itself does load-balance to the
-                            pods. By default, NativeLB is false.
+                          description: |-
+                            NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the pods.
+                            By default, NativeLB is false.
                          type: boolean
                        passHostHeader:
-                          description: PassHostHeader defines whether the client Host
-                            header is forwarded to the upstream Kubernetes Service.
+                          description: |-
+                            PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                            By default, passHostHeader is true.
                          type: boolean
                        port:
                          anyOf:
                          - type: integer
                          - type: string
-                          description: Port defines the port of a Kubernetes Service.
+                          description: |-
+                            Port defines the port of a Kubernetes Service.
                            This can be a reference to a named port.
                          x-kubernetes-int-or-string: true
                        responseForwarding:
@@ -302,30 +315,29 @@ spec:
                            client.
                          properties:
                            flushInterval:
-                              description: 'FlushInterval defines the interval, in
-                                milliseconds, in between flushes to the client while
-                                copying the response body. A negative value means
-                                to flush immediately after each write to the client.
-                                This configuration is ignored when ReverseProxy recognizes
-                                a response as a streaming response; for such responses,
-                                writes are flushed to the client immediately. Default:
-                                100ms'
+                              description: |-
+                                FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                A negative value means to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                for such responses, writes are flushed to the client immediately.
+                                Default: 100ms
                              type: string
                          type: object
                        scheme:
-                          description: Scheme defines the scheme to use for the request
-                            to the upstream Kubernetes Service. It defaults to https
-                            when Kubernetes Service port is 443, http otherwise.
+                          description: |-
+                            Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                            It defaults to https when Kubernetes Service port is 443, http otherwise.
                          type: string
                        serversTransport:
-                          description: ServersTransport defines the name of ServersTransport
-                            resource to use. It allows to configure the transport
-                            between Traefik and your servers. Can only be used on
-                            a Kubernetes Service.
+                          description: |-
+                            ServersTransport defines the name of ServersTransport resource to use.
+                            It allows to configure the transport between Traefik and your servers.
+                            Can only be used on a Kubernetes Service.
                          type: string
                        sticky:
-                          description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          description: |-
+                            Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -338,8 +350,9 @@ spec:
                                  description: Name defines the Cookie name.
                                  type: string
                                sameSite:
-                                  description: 'SameSite defines the same site policy.
-                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  description: |-
+                                    SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                  type: string
                                secure:
                                  description: Secure defines whether the cookie can
@@ -349,13 +362,13 @@ spec:
                              type: object
                          type: object
                        strategy:
-                          description: Strategy defines the load balancing strategy
-                            between the servers. RoundRobin is the only supported
-                            value at the moment.
+                          description: |-
+                            Strategy defines the load balancing strategy between the servers.
+                            RoundRobin is the only supported value at the moment.
                          type: string
                        weight:
-                          description: Weight defines the weight and should only be
-                            specified when Name references a TraefikService object
+                          description: |-
+                            Weight defines the weight and should only be specified when Name references a TraefikService object
                            (and to be precise, one that embeds a Weighted Round Robin).
                          type: integer
                      required:
@@ -363,8 +376,9 @@ spec:
                      type: object
                    type: array
                  sticky:
-                    description: 'Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    description: |-
+                      Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
@@ -377,8 +391,9 @@ spec:
                            description: Name defines the Cookie name.
                            type: string
                          sameSite:
-                            description: 'SameSite defines the same site policy. More
-                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            description: |-
+                              SameSite defines the same site policy.
+                              More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                            type: string
                          secure:
                            description: Secure defines whether the cookie can only
@@ -394,9 +409,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressroutes.traefik.io
 spec:
  group: traefik.io
@@ -22,14 +20,19 @@ spec:
        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -37,10 +40,11 @@ spec:
            description: IngressRouteSpec defines the desired state of IngressRoute.
            properties:
              entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                items:
                  type: string
                type: array
@@ -50,17 +54,21 @@ spec:
                  description: Route holds the HTTP route configuration.
                  properties:
                    kind:
-                      description: Kind defines the kind of the route. Rule is the
-                        only supported kind.
+                      description: |-
+                        Kind defines the kind of the route.
+                        Rule is the only supported kind.
                      enum:
                      - Rule
                      type: string
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      description: |-
+                        Match defines the router's rule.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule
                      type: string
                    middlewares:
-                      description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      description: |-
+                        Middlewares defines the list of references to Middleware resources.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware
                      items:
                        description: MiddlewareRef is a reference to a Middleware
                          resource.
@@ -78,13 +86,14 @@ spec:
                        type: object
                      type: array
                    priority:
-                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      description: |-
+                        Priority defines the router's priority.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority
                      type: integer
                    services:
-                      description: Services defines the list of Service. It can contain
-                        any combination of TraefikService and/or reference to a Kubernetes
-                        Service.
+                      description: |-
+                        Services defines the list of Service.
+                        It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
                      items:
                        description: Service defines an upstream HTTP service to proxy
                          traffic to.
@@ -96,31 +105,32 @@ spec:
                            - TraefikService
                            type: string
                          name:
-                            description: Name defines the name of the referenced Kubernetes
-                              Service or TraefikService. The differentiation between
-                              the two is specified in the Kind field.
+                            description: |-
+                              Name defines the name of the referenced Kubernetes Service or TraefikService.
+                              The differentiation between the two is specified in the Kind field.
                            type: string
                          namespace:
                            description: Namespace defines the namespace of the referenced
                              Kubernetes Service or TraefikService.
                            type: string
                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                            type: boolean
                          passHostHeader:
-                            description: PassHostHeader defines whether the client
-                              Host header is forwarded to the upstream Kubernetes
-                              Service. By default, passHostHeader is true.
+                            description: |-
+                              PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+                              By default, passHostHeader is true.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          responseForwarding:
@@ -129,30 +139,29 @@ spec:
                              the client.
                            properties:
                              flushInterval:
-                                description: 'FlushInterval defines the interval,
-                                  in milliseconds, in between flushes to the client
-                                  while copying the response body. A negative value
-                                  means to flush immediately after each write to the
-                                  client. This configuration is ignored when ReverseProxy
-                                  recognizes a response as a streaming response; for
-                                  such responses, writes are flushed to the client
-                                  immediately. Default: 100ms'
+                                description: |-
+                                  FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                                  A negative value means to flush immediately after each write to the client.
+                                  This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                                  for such responses, writes are flushed to the client immediately.
+                                  Default: 100ms
                                type: string
                            type: object
                          scheme:
-                            description: Scheme defines the scheme to use for the
-                              request to the upstream Kubernetes Service. It defaults
-                              to https when Kubernetes Service port is 443, http otherwise.
+                            description: |-
+                              Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                              It defaults to https when Kubernetes Service port is 443, http otherwise.
                            type: string
                          serversTransport:
-                            description: ServersTransport defines the name of ServersTransport
-                              resource to use. It allows to configure the transport
-                              between Traefik and your servers. Can only be used on
-                              a Kubernetes Service.
+                            description: |-
+                              ServersTransport defines the name of ServersTransport resource to use.
+                              It allows to configure the transport between Traefik and your servers.
+                              Can only be used on a Kubernetes Service.
                            type: string
                          sticky:
-                            description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            description: |-
+                              Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                            properties:
                              cookie:
                                description: Cookie defines the sticky cookie configuration.
@@ -166,8 +175,9 @@ spec:
                                    description: Name defines the Cookie name.
                                    type: string
                                  sameSite:
-                                    description: 'SameSite defines the same site policy.
-                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    description: |-
+                                      SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                    type: string
                                  secure:
                                    description: Secure defines whether the cookie
@@ -177,15 +187,14 @@ spec:
                                type: object
                            type: object
                          strategy:
-                            description: Strategy defines the load balancing strategy
-                              between the servers. RoundRobin is the only supported
-                              value at the moment.
+                            description: |-
+                              Strategy defines the load balancing strategy between the servers.
+                              RoundRobin is the only supported value at the moment.
                            type: string
                          weight:
-                            description: Weight defines the weight and should only
-                              be specified when Name references a TraefikService object
-                              (and to be precise, one that embeds a Weighted Round
-                              Robin).
+                            description: |-
+                              Weight defines the weight and should only be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round Robin).
                            type: integer
                        required:
                        - name
@@ -197,16 +206,20 @@ spec:
                  type: object
                type: array
              tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                description: |-
+                  TLS defines the TLS configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls
                properties:
                  certResolver:
-                    description: 'CertResolver defines the name of the certificate
-                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    description: |-
+                      CertResolver defines the name of the certificate resolver to use.
+                      Cert resolvers have to be configured in the static configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
                    type: string
                  domains:
-                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    description: |-
+                      Domains defines the list of domains that will be used to issue certificates.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
@@ -222,17 +235,20 @@ spec:
                      type: object
                    type: array
                  options:
-                    description: 'Options defines the reference to a TLSOption, that
-                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    description: |-
+                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+                      If not defined, the `default` TLSOption is used.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
                    properties:
                      name:
-                        description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        description: |-
+                          Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
                        type: string
                      namespace:
-                        description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        description: |-
+                          Namespace defines the namespace of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption
                        type: string
                    required:
                    - name
@@ -242,17 +258,19 @@ spec:
                      Secret to specify the certificate details.
                    type: string
                  store:
-                    description: Store defines the reference to the TLSStore, that
-                      will be used to store certificates. Please note that only `default`
-                      TLSStore can be used.
+                    description: |-
+                      Store defines the reference to the TLSStore, that will be used to store certificates.
+                      Please note that only `default` TLSStore can be used.
                    properties:
                      name:
-                        description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        description: |-
+                          Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
                        type: string
                      namespace:
-                        description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        description: |-
+                          Namespace defines the namespace of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore
                        type: string
                    required:
                    - name
@@ -267,9 +285,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressroutetcps.traefik.io
 spec:
  group: traefik.io
@@ -22,14 +20,19 @@ spec:
        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -37,10 +40,11 @@ spec:
            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
            properties:
              entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                items:
                  type: string
                type: array
@@ -50,7 +54,9 @@ spec:
                  description: RouteTCP holds the TCP route configuration.
                  properties:
                    match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      description: |-
+                        Match defines the router's rule.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1
                      type: string
                    middlewares:
                      description: Middlewares defines the list of references to MiddlewareTCP
@@ -72,8 +78,9 @@ spec:
                        type: object
                      type: array
                    priority:
-                      description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      description: |-
+                        Priority defines the router's priority.
+                        More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1
                      type: integer
                    services:
                      description: Services defines the list of TCP services.
@@ -90,22 +97,24 @@ spec:
                              Kubernetes Service.
                            type: string
                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          proxyProtocol:
-                            description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            description: |-
+                              ProxyProtocol defines the PROXY protocol configuration.
+                              More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol
                            properties:
                              version:
                                description: Version defines the PROXY Protocol version
@@ -113,13 +122,12 @@ spec:
                                type: integer
                            type: object
                          terminationDelay:
-                            description: TerminationDelay defines the deadline that
-                              the proxy sets, after one of its connected peers indicates
-                              it has closed the writing capability of its connection,
-                              to close the reading capability as well, hence fully
-                              terminating the connection. It is a duration in milliseconds,
-                              defaulting to 100. A negative value means an infinite
-                              deadline (i.e. the reading capability is never closed).
+                            description: |-
+                              TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection, to close the reading capability as well,
+                              hence fully terminating the connection.
+                              It is a duration in milliseconds, defaulting to 100.
+                              A negative value means an infinite deadline (i.e. the reading capability is never closed).
                            type: integer
                          weight:
                            description: Weight defines the weight used when balancing
@@ -135,17 +143,20 @@ spec:
                  type: object
                type: array
              tls:
-                description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                description: |-
+                  TLS defines the TLS configuration on a layer 4 / TCP Route.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1
                properties:
                  certResolver:
-                    description: 'CertResolver defines the name of the certificate
-                      resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    description: |-
+                      CertResolver defines the name of the certificate resolver to use.
+                      Cert resolvers have to be configured in the static configuration.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers
                    type: string
                  domains:
-                    description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    description: |-
+                      Domains defines the list of domains that will be used to issue certificates.
+                      More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
@@ -161,9 +172,10 @@ spec:
                      type: object
                    type: array
                  options:
-                    description: 'Options defines the reference to a TLSOption, that
-                      specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    description: |-
+                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+                      If not defined, the `default` TLSOption is used.
+                      More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
@@ -185,9 +197,9 @@ spec:
                      Secret to specify the certificate details.
                    type: string
                  store:
-                    description: Store defines the reference to the TLSStore, that
-                      will be used to store certificates. Please note that only `default`
-                      TLSStore can be used.
+                    description: |-
+                      Store defines the reference to the TLSStore, that will be used to store certificates.
+                      Please note that only `default` TLSStore can be used.
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
@@ -210,9 +222,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: ingressrouteudps.traefik.io
 spec:
  group: traefik.io
@@ -22,14 +20,19 @@ spec:
        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -37,10 +40,11 @@ spec:
            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
            properties:
              entryPoints:
-                description: 'EntryPoints defines the list of entry point names to
-                  bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
-                  Default: all.'
+                description: |-
+                  EntryPoints defines the list of entry point names to bind to.
+                  Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/
+                  Default: all.
                items:
                  type: string
                type: array
@@ -64,17 +68,18 @@ spec:
                              Kubernetes Service.
                            type: string
                          nativeLB:
-                            description: NativeLB controls, when creating the load-balancer,
-                              whether the LB's children are directly the pods IPs
-                              or if the only child is the Kubernetes Service clusterIP.
-                              The Kubernetes Service itself does load-balance to the
-                              pods. By default, NativeLB is false.
+                            description: |-
+                              NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the pods.
+                              By default, NativeLB is false.
                            type: boolean
                          port:
                            anyOf:
                            - type: integer
                            - type: string
-                            description: Port defines the port of a Kubernetes Service.
+                            description: |-
+                              Port defines the port of a Kubernetes Service.
                              This can be a reference to a named port.
                            x-kubernetes-int-or-string: true
                          weight:
@@ -97,9 +102,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: middlewares.traefik.io
 spec:
  group: traefik.io
@@ -19,18 +17,24 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+        description: |-
+          Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -38,33 +42,37 @@ spec:
            description: MiddlewareSpec defines the desired state of a Middleware.
            properties:
              addPrefix:
-                description: 'AddPrefix holds the add prefix middleware configuration.
-                  This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                description: |-
+                  AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding it.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/
                properties:
                  prefix:
-                    description: Prefix is the string to add before the current path
-                      in the requested URL. It should include a leading slash (/).
+                    description: |-
+                      Prefix is the string to add before the current path in the requested URL.
+                      It should include a leading slash (/).
                    type: string
                type: object
              basicAuth:
-                description: 'BasicAuth holds the basic auth middleware configuration.
+                description: |-
+                  BasicAuth holds the basic auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/
                properties:
                  headerField:
-                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    description: |-
+                      HeaderField defines a header field to store the authenticated user.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
                    type: string
                  realm:
-                    description: 'Realm allows the protected resources on a server
-                      to be partitioned into a set of protection spaces, each with
-                      its own authentication scheme. Default: traefik.'
+                    description: |-
+                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+                      Default: traefik.
                    type: string
                  removeHeader:
-                    description: 'RemoveHeader sets the removeHeader option to true
-                      to remove the authorization header before forwarding the request
-                      to your service. Default: false.'
+                    description: |-
+                      RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
+                      Default: false.
                    type: boolean
                  secret:
                    description: Secret is the name of the referenced Kubernetes Secret
@@ -72,48 +80,49 @@ spec:
                    type: string
                type: object
              buffering:
-                description: 'Buffering holds the buffering middleware configuration.
-                  This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                description: |-
+                  Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can be forwarded to backends.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes
                properties:
                  maxRequestBodyBytes:
-                    description: 'MaxRequestBodyBytes defines the maximum allowed
-                      body size for the request (in bytes). If the request exceeds
-                      the allowed size, it is not forwarded to the service, and the
-                      client gets a 413 (Request Entity Too Large) response. Default:
-                      0 (no maximum).'
+                    description: |-
+                      MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
+                      If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
+                      Default: 0 (no maximum).
                    format: int64
                    type: integer
                  maxResponseBodyBytes:
-                    description: 'MaxResponseBodyBytes defines the maximum allowed
-                      response size from the service (in bytes). If the response exceeds
-                      the allowed size, it is not forwarded to the client. The client
-                      gets a 500 (Internal Server Error) response instead. Default:
-                      0 (no maximum).'
+                    description: |-
+                      MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
+                      If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
+                      Default: 0 (no maximum).
                    format: int64
                    type: integer
                  memRequestBodyBytes:
-                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
-                      from which the request will be buffered on disk instead of in
-                      memory. Default: 1048576 (1Mi).'
+                    description: |-
+                      MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
+                      Default: 1048576 (1Mi).
                    format: int64
                    type: integer
                  memResponseBodyBytes:
-                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
-                      from which the response will be buffered on disk instead of
-                      in memory. Default: 1048576 (1Mi).'
+                    description: |-
+                      MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
+                      Default: 1048576 (1Mi).
                    format: int64
                    type: integer
                  retryExpression:
-                    description: 'RetryExpression defines the retry conditions. It
-                      is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                    description: |-
+                      RetryExpression defines the retry conditions.
+                      It is a logical combination of functions with operators AND (&&) and OR (||).
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression
                    type: string
                type: object
              chain:
-                description: 'Chain holds the configuration of the chain middleware.
-                  This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                description: |-
+                  Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other pieces of middleware.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/
                properties:
                  middlewares:
                    description: Middlewares is the list of MiddlewareRef which composes
@@ -165,9 +174,10 @@ spec:
                    x-kubernetes-int-or-string: true
                type: object
              compress:
-                description: 'Compress holds the compress middleware configuration.
-                  This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                description: |-
+                  Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the client, using gzip compression.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/
                properties:
                  excludedContentTypes:
                    description: ExcludedContentTypes defines the list of content
@@ -177,40 +187,40 @@ spec:
                      type: string
                    type: array
                  minResponseBodyBytes:
-                    description: 'MinResponseBodyBytes defines the minimum amount
-                      of bytes a response body must have to be compressed. Default:
-                      1024.'
+                    description: |-
+                      MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
+                      Default: 1024.
                    type: integer
                type: object
              contentType:
-                description: ContentType holds the content-type middleware configuration.
-                  This middleware exists to enable the correct behavior until at least
-                  the default one can be changed in a future version.
+                description: |-
+                  ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
                properties:
                  autoDetect:
-                    description: AutoDetect specifies whether to let the `Content-Type`
-                      header, if it has not been set by the backend, be automatically
-                      set to a value derived from the contents of the response. As
-                      a proxy, the default behavior should be to leave the header
-                      alone, regardless of what the backend did with it. However,
-                      the historic default was to always auto-detect and set the header
-                      if it was nil, and it is going to be kept that way in order
-                      to support users currently relying on it.
+                    description: |-
+                      AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
+                      be automatically set to a value derived from the contents of the response.
+                      As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
+                      However, the historic default was to always auto-detect and set the header if it was nil,
+                      and it is going to be kept that way in order to support users currently relying on it.
                    type: boolean
                type: object
              digestAuth:
-                description: 'DigestAuth holds the digest auth middleware configuration.
+                description: |-
+                  DigestAuth holds the digest auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/
                properties:
                  headerField:
-                    description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    description: |-
+                      HeaderField defines a header field to store the authenticated user.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield
                    type: string
                  realm:
-                    description: 'Realm allows the protected resources on a server
-                      to be partitioned into a set of protection spaces, each with
-                      its own authentication scheme. Default: traefik.'
+                    description: |-
+                      Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+                      Default: traefik.
                    type: string
                  removeHeader:
                    description: RemoveHeader defines whether to remove the authorization
@@ -222,18 +232,20 @@ spec:
                    type: string
                type: object
              errors:
-                description: 'ErrorPage holds the custom error middleware configuration.
-                  This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                description: |-
+                  ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/
                properties:
                  query:
-                    description: Query defines the URL for the error page (hosted
-                      by service). The {status} variable can be used in order to insert
-                      the status code in the URL.
+                    description: |-
+                      Query defines the URL for the error page (hosted by service).
+                      The {status} variable can be used in order to insert the status code in the URL.
                    type: string
                  service:
-                    description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                    description: |-
+                      Service defines the reference to a Kubernetes Service that will serve the error page.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service
                    properties:
                      kind:
                        description: Kind defines the kind of the Service.
@@ -242,31 +254,32 @@ spec:
                        - TraefikService
                        type: string
                      name:
-                        description: Name defines the name of the referenced Kubernetes
-                          Service or TraefikService. The differentiation between the
-                          two is specified in the Kind field.
+                        description: |-
+                          Name defines the name of the referenced Kubernetes Service or TraefikService.
+                          The differentiation between the two is specified in the Kind field.
                        type: string
                      namespace:
                        description: Namespace defines the namespace of the referenced
                          Kubernetes Service or TraefikService.
                        type: string
                      nativeLB:
-                        description: NativeLB controls, when creating the load-balancer,
-                          whether the LB's children are directly the pods IPs or if
-                          the only child is the Kubernetes Service clusterIP. The
-                          Kubernetes Service itself does load-balance to the pods.
+                        description: |-
+                          NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+                          The Kubernetes Service itself does load-balance to the pods.
                          By default, NativeLB is false.
                        type: boolean
                      passHostHeader:
-                        description: PassHostHeader defines whether the client Host
-                          header is forwarded to the upstream Kubernetes Service.
+                        description: |-
+                          PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
                          By default, passHostHeader is true.
                        type: boolean
                      port:
                        anyOf:
                        - type: integer
                        - type: string
-                        description: Port defines the port of a Kubernetes Service.
+                        description: |-
+                          Port defines the port of a Kubernetes Service.
                          This can be a reference to a named port.
                        x-kubernetes-int-or-string: true
                      responseForwarding:
@@ -275,29 +288,29 @@ spec:
                          client.
                        properties:
                          flushInterval:
-                            description: 'FlushInterval defines the interval, in milliseconds,
-                              in between flushes to the client while copying the response
-                              body. A negative value means to flush immediately after
-                              each write to the client. This configuration is ignored
-                              when ReverseProxy recognizes a response as a streaming
-                              response; for such responses, writes are flushed to
-                              the client immediately. Default: 100ms'
+                            description: |-
+                              FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+                              A negative value means to flush immediately after each write to the client.
+                              This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+                              for such responses, writes are flushed to the client immediately.
+                              Default: 100ms
                            type: string
                        type: object
                      scheme:
-                        description: Scheme defines the scheme to use for the request
-                          to the upstream Kubernetes Service. It defaults to https
-                          when Kubernetes Service port is 443, http otherwise.
+                        description: |-
+                          Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+                          It defaults to https when Kubernetes Service port is 443, http otherwise.
                        type: string
                      serversTransport:
-                        description: ServersTransport defines the name of ServersTransport
-                          resource to use. It allows to configure the transport between
-                          Traefik and your servers. Can only be used on a Kubernetes
-                          Service.
+                        description: |-
+                          ServersTransport defines the name of ServersTransport resource to use.
+                          It allows to configure the transport between Traefik and your servers.
+                          Can only be used on a Kubernetes Service.
                        type: string
                      sticky:
-                        description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                        description: |-
+                          Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions
                        properties:
                          cookie:
                            description: Cookie defines the sticky cookie configuration.
@@ -310,8 +323,9 @@ spec:
                                description: Name defines the Cookie name.
                                type: string
                              sameSite:
-                                description: 'SameSite defines the same site policy.
-                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                description: |-
+                                  SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
                                type: string
                              secure:
                                description: Secure defines whether the cookie can
@@ -321,40 +335,42 @@ spec:
                            type: object
                        type: object
                      strategy:
-                        description: Strategy defines the load balancing strategy
-                          between the servers. RoundRobin is the only supported value
-                          at the moment.
+                        description: |-
+                          Strategy defines the load balancing strategy between the servers.
+                          RoundRobin is the only supported value at the moment.
                        type: string
                      weight:
-                        description: Weight defines the weight and should only be
-                          specified when Name references a TraefikService object (and
-                          to be precise, one that embeds a Weighted Round Robin).
+                        description: |-
+                          Weight defines the weight and should only be specified when Name references a TraefikService object
+                          (and to be precise, one that embeds a Weighted Round Robin).
                        type: integer
                    required:
                    - name
                    type: object
                  status:
-                    description: Status defines which status or range of statuses
-                      should result in an error page. It can be either a status code
-                      as a number (500), as multiple comma-separated numbers (500,502),
-                      as ranges by separating two codes with a dash (500-599), or
-                      a combination of the two (404,418,500-599).
+                    description: |-
+                      Status defines which status or range of statuses should result in an error page.
+                      It can be either a status code as a number (500),
+                      as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599),
+                      or a combination of the two (404,418,500-599).
                    items:
                      type: string
                    type: array
                type: object
              forwardAuth:
-                description: 'ForwardAuth holds the forward auth middleware configuration.
+                description: |-
+                  ForwardAuth holds the forward auth middleware configuration.
                  This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/
                properties:
                  address:
                    description: Address defines the authentication server address.
                    type: string
                  authRequestHeaders:
-                    description: AuthRequestHeaders defines the list of the headers
-                      to copy from the request to the authentication server. If not
-                      set or empty then all request headers are passed.
+                    description: |-
+                      AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
+                      If not set or empty then all request headers are passed.
                    items:
                      type: string
                    type: array
@@ -366,10 +382,9 @@ spec:
                      type: string
                    type: array
                  authResponseHeadersRegex:
-                    description: 'AuthResponseHeadersRegex defines the regex to match
-                      headers to copy from the authentication server response and
-                      set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                    description: |-
+                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex
                    type: string
                  tls:
                    description: TLS defines the configuration used to secure the
@@ -378,14 +393,14 @@ spec:
                      caOptional:
                        type: boolean
                      caSecret:
-                        description: CASecret is the name of the referenced Kubernetes
-                          Secret containing the CA to validate the server certificate.
+                        description: |-
+                          CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
                        type: string
                      certSecret:
-                        description: CertSecret is the name of the referenced Kubernetes
-                          Secret containing the client certificate. The client certificate
-                          is extracted from the keys `tls.crt` and `tls.key`.
+                        description: |-
+                          CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
+                          The client certificate is extracted from the keys `tls.crt` and `tls.key`.
                        type: string
                      insecureSkipVerify:
                        description: InsecureSkipVerify defines whether the server
@@ -398,9 +413,10 @@ spec:
                    type: boolean
                type: object
              headers:
-                description: 'Headers holds the headers middleware configuration.
-                  This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                description: |-
+                  Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders
                properties:
                  accessControlAllowCredentials:
                    description: AccessControlAllowCredentials defines whether the
@@ -465,12 +481,14 @@ spec:
                      header with the nosniff value.
                    type: boolean
                  customBrowserXSSValue:
-                    description: CustomBrowserXSSValue defines the X-XSS-Protection
-                      header value. This overrides the BrowserXssFilter option.
+                    description: |-
+                      CustomBrowserXSSValue defines the X-XSS-Protection header value.
+                      This overrides the BrowserXssFilter option.
                    type: string
                  customFrameOptionsValue:
-                    description: CustomFrameOptionsValue defines the X-Frame-Options
-                      header value. This overrides the FrameDeny option.
+                    description: |-
+                      CustomFrameOptionsValue defines the X-Frame-Options header value.
+                      This overrides the FrameDeny option.
                    type: string
                  customRequestHeaders:
                    additionalProperties:
@@ -502,25 +520,25 @@ spec:
                      type: string
                    type: array
                  isDevelopment:
-                    description: IsDevelopment defines whether to mitigate the unwanted
-                      effects of the AllowedHosts, SSL, and STS options when developing.
-                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
-                      not your production domain. If you would like your development
-                      environment to mimic production with complete Host blocking,
-                      SSL redirects, and STS headers, leave this as false.
+                    description: |-
+                      IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
+                      If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
+                      and STS headers, leave this as false.
                    type: boolean
                  permissionsPolicy:
-                    description: PermissionsPolicy defines the Permissions-Policy
-                      header value. This allows sites to control browser features.
+                    description: |-
+                      PermissionsPolicy defines the Permissions-Policy header value.
+                      This allows sites to control browser features.
                    type: string
                  publicKey:
                    description: PublicKey is the public key that implements HPKP
                      to prevent MITM attacks with forged certificates.
                    type: string
                  referrerPolicy:
-                    description: ReferrerPolicy defines the Referrer-Policy header
-                      value. This allows sites to control whether browsers forward
-                      the Referer header to other sites.
+                    description: |-
+                      ReferrerPolicy defines the Referrer-Policy header value.
+                      This allows sites to control whether browsers forward the Referer header to other sites.
                    type: string
                  sslForceHost:
                    description: 'Deprecated: use RedirectRegex instead.'
@@ -531,10 +549,9 @@ spec:
                  sslProxyHeaders:
                    additionalProperties:
                      type: string
-                    description: 'SSLProxyHeaders defines the header keys with associated
-                      values that would indicate a valid HTTPS request. It can be
-                      useful when using other proxies (example: "X-Forwarded-Proto":
-                      "https").'
+                    description: |-
+                      SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
+                      It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
                    type: object
                  sslRedirect:
                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@@ -553,33 +570,35 @@ spec:
                      to the Strict-Transport-Security header.
                    type: boolean
                  stsSeconds:
-                    description: STSSeconds defines the max-age of the Strict-Transport-Security
-                      header. If set to 0, the header is not set.
+                    description: |-
+                      STSSeconds defines the max-age of the Strict-Transport-Security header.
+                      If set to 0, the header is not set.
                    format: int64
                    type: integer
                type: object
              inFlightReq:
-                description: 'InFlightReq holds the in-flight request middleware configuration.
-                  This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                description: |-
+                  InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and served concurrently.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/
                properties:
                  amount:
-                    description: Amount defines the maximum amount of allowed simultaneous
-                      in-flight request. The middleware responds with HTTP 429 Too
-                      Many Requests if there are already amount requests in progress
-                      (based on the same sourceCriterion strategy).
+                    description: |-
+                      Amount defines the maximum amount of allowed simultaneous in-flight request.
+                      The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
                    format: int64
                    type: integer
                  sourceCriterion:
-                    description: 'SourceCriterion defines what criterion is used to
-                      group requests as originating from a common source. If several
-                      strategies are defined at the same time, an error will be raised.
-                      If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                    description: |-
+                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
+                      If several strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion
                    properties:
                      ipStrategy:
-                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        description: |-
+                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -604,14 +623,16 @@ spec:
                        type: boolean
                    type: object
                type: object
-              ipWhiteList:
-                description: 'IPWhiteList holds the IP whitelist middleware configuration.
-                  This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+              ipAllowList:
+                description: |-
+                  IPAllowList holds the IP allowlist middleware configuration.
+                  This middleware limits allowed requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/
                properties:
                  ipStrategy:
-                    description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                    description: |-
+                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                    properties:
                      depth:
                        description: Depth tells Traefik to use the X-Forwarded-For
@@ -632,10 +653,42 @@ spec:
                      type: string
                    type: array
                type: object
+              ipWhiteList:
+                description: |-
+                  IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware limits allowed requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/
+                  Deprecated: please use IPAllowList instead.
+                properties:
+                  ipStrategy:
+                    description: |-
+                      IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                      More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation). Required.
+                    items:
+                      type: string
+                    type: array
+                type: object
              passTLSClientCert:
-                description: 'PassTLSClientCert holds the pass TLS client cert middleware
-                  configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                description: |-
+                  PassTLSClientCert holds the pass TLS client cert middleware configuration.
+                  This middleware adds the selected data from the passed client TLS certificate to a header.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/
                properties:
                  info:
                    description: Info selects the specific client certificate details
@@ -736,46 +789,48 @@ spec:
              plugin:
                additionalProperties:
                  x-kubernetes-preserve-unknown-fields: true
-                description: 'Plugin defines the middleware plugin configuration.
-                  More info: https://doc.traefik.io/traefik/plugins/'
+                description: |-
+                  Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/
                type: object
              rateLimit:
-                description: 'RateLimit holds the rate limit configuration. This middleware
-                  ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                description: |-
+                  RateLimit holds the rate limit configuration.
+                  This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/
                properties:
                  average:
-                    description: Average is the maximum rate, by default in requests/s,
-                      allowed for the given source. It defaults to 0, which means
-                      no rate limiting. The rate is actually defined by dividing Average
-                      by Period. So for a rate below 1req/s, one needs to define a
-                      Period larger than a second.
+                    description: |-
+                      Average is the maximum rate, by default in requests/s, allowed for the given source.
+                      It defaults to 0, which means no rate limiting.
+                      The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
+                      one needs to define a Period larger than a second.
                    format: int64
                    type: integer
                  burst:
-                    description: Burst is the maximum number of requests allowed to
-                      arrive in the same arbitrarily small period of time. It defaults
-                      to 1.
+                    description: |-
+                      Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
+                      It defaults to 1.
                    format: int64
                    type: integer
                  period:
                    anyOf:
                    - type: integer
                    - type: string
-                    description: 'Period, in combination with Average, defines the
-                      actual maximum rate, such as: r = Average / Period. It defaults
-                      to a second.'
+                    description: |-
+                      Period, in combination with Average, defines the actual maximum rate, such as:
+                      r = Average / Period. It defaults to a second.
                    x-kubernetes-int-or-string: true
                  sourceCriterion:
-                    description: SourceCriterion defines what criterion is used to
-                      group requests as originating from a common source. If several
-                      strategies are defined at the same time, an error will be raised.
-                      If none are set, the default is to use the request's remote
-                      address field (as an ipStrategy).
+                    description: |-
+                      SourceCriterion defines what criterion is used to group requests as originating from a common source.
+                      If several strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote address field (as an ipStrategy).
                    properties:
                      ipStrategy:
-                        description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        description: |-
+                          IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
+                          More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy
                        properties:
                          depth:
                            description: Depth tells Traefik to use the X-Forwarded-For
@@ -801,9 +856,10 @@ spec:
                    type: object
                type: object
              redirectRegex:
-                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                description: |-
+                  RedirectRegex holds the redirect regex middleware configuration.
                  This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -819,9 +875,10 @@ spec:
                    type: string
                type: object
              redirectScheme:
-                description: 'RedirectScheme holds the redirect scheme middleware
-                  configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                description: |-
+                  RedirectScheme holds the redirect scheme middleware configuration.
+                  This middleware redirects requests from a scheme/port to another.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/
                properties:
                  permanent:
                    description: Permanent defines whether the redirection is permanent
@@ -835,9 +892,10 @@ spec:
                    type: string
                type: object
              replacePath:
-                description: 'ReplacePath holds the replace path middleware configuration.
-                  This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                description: |-
+                  ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/
                properties:
                  path:
                    description: Path defines the path to use as replacement in the
@@ -845,9 +903,10 @@ spec:
                    type: string
                type: object
              replacePathRegex:
-                description: 'ReplacePathRegex holds the replace path regex middleware
-                  configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                description: |-
+                  ReplacePathRegex holds the replace path regex middleware configuration.
+                  This middleware replaces the path of a URL using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/
                properties:
                  regex:
                    description: Regex defines the regular expression used to match
@@ -859,11 +918,11 @@ spec:
                    type: string
                type: object
              retry:
-                description: 'Retry holds the retry middleware configuration. This
-                  middleware reissues requests a given number of times to a backend
-                  server if that server does not reply. As soon as the server answers,
-                  the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                description: |-
+                  Retry holds the retry middleware configuration.
+                  This middleware reissues requests a given number of times to a backend server if that server does not reply.
+                  As soon as the server answers, the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/
                properties:
                  attempts:
                    description: Attempts defines how many times the request should
@@ -873,22 +932,24 @@ spec:
                    anyOf:
                    - type: integer
                    - type: string
-                    description: InitialInterval defines the first wait time in the
-                      exponential backoff series. The maximum interval is calculated
-                      as twice the initialInterval. If unspecified, requests will
-                      be retried immediately. The value of initialInterval should
-                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    description: |-
+                      InitialInterval defines the first wait time in the exponential backoff series.
+                      The maximum interval is calculated as twice the initialInterval.
+                      If unspecified, requests will be retried immediately.
+                      The value of initialInterval should be provided in seconds or as a valid duration format,
+                      see https://pkg.go.dev/time#ParseDuration.
                    x-kubernetes-int-or-string: true
                type: object
              stripPrefix:
-                description: 'StripPrefix holds the strip prefix middleware configuration.
+                description: |-
+                  StripPrefix holds the strip prefix middleware configuration.
                  This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/
                properties:
                  forceSlash:
-                    description: 'ForceSlash ensures that the resulting stripped path
-                      is not the empty string, by replacing it with / when necessary.
-                      Default: true.'
+                    description: |-
+                      ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
+                      Default: true.
                    type: boolean
                  prefixes:
                    description: Prefixes defines the prefixes to strip from the request
@@ -898,9 +959,10 @@ spec:
                    type: array
                type: object
              stripPrefixRegex:
-                description: 'StripPrefixRegex holds the strip prefix regex middleware
-                  configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                description: |-
+                  StripPrefixRegex holds the strip prefix regex middleware configuration.
+                  This middleware removes the matching prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/
                properties:
                  regex:
                    description: Regex defines the regular expression to match the
@@ -916,9 +978,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: middlewaretcps.traefik.io
 spec:
  group: traefik.io
@@ -19,18 +17,24 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+        description: |-
+          MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -41,14 +45,31 @@ spec:
                description: InFlightConn defines the InFlightConn middleware configuration.
                properties:
                  amount:
-                    description: Amount defines the maximum amount of allowed simultaneous
-                      connections. The middleware closes the connection if there are
-                      already amount connections opened.
+                    description: |-
+                      Amount defines the maximum amount of allowed simultaneous connections.
+                      The middleware closes the connection if there are already amount connections opened.
                    format: int64
                    type: integer
                type: object
+              ipAllowList:
+                description: |-
+                  IPAllowList defines the IPAllowList middleware configuration.
+                  This middleware accepts/refuses connections based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
              ipWhiteList:
-                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                description: |-
+                  IPWhiteList defines the IPWhiteList middleware configuration.
+                  This middleware accepts/refuses connections based on the client IP.
+                  Deprecated: please use IPAllowList instead.
+                  More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -64,9 +85,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: serverstransports.traefik.io
 spec:
  group: traefik.io
@@ -19,20 +17,26 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+        description: |-
+          ServersTransport is the CRD implementation of a ServersTransport.
          If no serversTransport is specified, the default@internal will be used.
          The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -120,9 +124,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
--- a/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
@@ -1,11 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
-  creationTimestamp: null
+    controller-gen.kubebuilder.io/version: v0.14.0
  name: tlsoptions.traefik.io
 spec:
  group: traefik.io
@@ -19,19 +17,24 @@ spec:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
-        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
-          allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+        description: |-
+          TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
+          More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
        properties:
          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
@@ -39,15 +42,16 @@ spec:
            description: TLSOptionSpec defines the desired state of a TLSOption.
            properties:
              alpnProtocols:
-                description: 'ALPNProtocols defines the list of supported application
-                  level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                description: |-
+                  ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
                items:
                  type: string
                type: array
              cipherSuites:
-                description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                description: |-
+                  CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
                items:
                  type: string
                type: array
@@ -73,26 +77,29 @@ spec:
                    type: array
                type: object
              curvePreferences:
-                description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                description: |-
+                  CurvePreferences defines the preferred elliptic curves in a specific order.
+                  More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
                items:
                  type: string
                type: array
              maxVersion:
-                description: 'MaxVersion defines the maximum TLS version that Traefik
-                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
-                  VersionTLS13. Default: None.'
+                description: |-
+                  MaxVersion defines the maximum TLS version that Traefik will accept.
+                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+                  Default: None.
                type: string
              minVersion:
-                description: 'MinVersion defines the minimum TLS version that Traefik
-                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
-                  VersionTLS13. Default: VersionTLS10.'
+                description: |-
+                  MinVersion defines the minimum TLS version that Traefik will accept.
+                  Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+                  Default: VersionTLS10.
                type: string
              preferServerCipherSuites:
-                description: 'PreferServerCipherSuites defines whether the server
-                  chooses a cipher suite among his own instead of among the client''s.
+                description: |-
+                  PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
                  It is enabled automatically when minVersion or maxVersion is set.
-                  Deprecated: https://github.com/golang/go/issues/45430'
+                  Deprecated: https://github.com/golang/go/issues/45430
                type: boolean
              sniStrict:
                description: SniStrict defines whether Traefik allows connections
@@ -105,9 +112,3 @@ spec:
        type: object
    served: true
    storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Romain	d53f5f01a0	Prepare release v2.11.1	2024-04-10 11:52:03 +02:00
Maxine Aubrey	4e11bf3c38	Adjust ECS network interface detection logic	2024-04-10 10:42:04 +02:00
Dmitry Romashov	1a266c661a	Add a horizontal scroll for the mobile view	2024-04-10 10:22:11 +02:00
Massimiliano D	19e6170fa5	Modify the Hub Button	2024-04-10 09:50:04 +02:00
guangwu	76723b1288	Close created file in ACME local store CheckFile func	2024-04-09 13:12:04 +02:00
Romain	cef842245c	Introduce Lingering Timeout Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io> Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2024-04-08 17:16:04 +02:00
Michel Loiseleur	e5062cef42	chore: update dependencies	2024-04-05 15:14:04 +02:00
Martijn Cremer	998c6174cd	Improved documentation about Nomad ACL minimum rights	2024-04-05 10:14:03 +02:00
Michel Loiseleur	d3516aec31	docs: excludedIPs with IPWhiteList and IPAllowList middleware	2024-04-04 11:32:05 +02:00
Michel Loiseleur	945ff9b0f9	chore(ci): fix and update codeql	2024-04-03 19:08:03 +02:00
Ludovic Fernandez	bbd5846c6a	Update Yaegi to v0.16.1	2024-04-03 18:46:03 +02:00
Baptiste Mayelle	2bc3fa7b4b	Reserve priority range for internal routers Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2024-04-02 17:04:05 +02:00
Romain	c31f5df854	Enforce handling of ACME-TLS/1 challenges Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io> Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2024-03-29 11:36:05 +01:00
Michel Loiseleur	167bdb0d53	docs: improve middleware example	2024-03-28 14:36:04 +01:00
Romain	7f29595c0a	Allow empty replacement with ReplacePathRegex middleware	2024-03-26 13:28:04 +01:00
arukiidou	3fcf265d80	Move from http.FileServer to http.FileServerFS	2024-03-25 20:22:05 +01:00
Baptiste Mayelle	d94e676083	Enforce failure for TCP HostSNI with hostname Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2024-03-25 11:08:04 +01:00
Ludovic Fernandez	141abce2d5	chore: update linter	2024-03-20 10:26:03 +01:00
shivanipawar00	fc875b38e0	Added specification for TCP TLS routers in documentation	2024-03-19 16:00:05 +01:00
Emile Vauge	75790e0ab8	Add sdelicata to maintainers	2024-03-14 16:54:04 +01:00
Emile Vauge	1391c35978	Add youkoulayley to maintainers	2024-03-14 16:18:04 +01:00
Michael	83e4abdb30	Fix dashboard exposition through a router	2024-03-13 15:56:04 +01:00
Romain	4e1e2f5ed0	Bump Elastic APM to v2.4.8	2024-03-12 18:26:05 +01:00
Daniel Wendler	5cf1b95c29	Fix host header mention in prometheus metrics doc	2024-03-11 14:52:04 +01:00
Domi	74daa4cbb3	Update gandiv5 env variable in providers table	2024-03-11 12:06:04 +01:00
Ludovic Fernandez	4fd5fca34f	Update go-acme/lego to v4.16.1	2024-03-11 09:18:03 +01:00
Romain	31a93d5045	Fix log when default TLSStore and TLSOptions are defined multiple times	2024-03-06 14:32:04 +01:00
luigir-it	4cb5825d11	Fix paragraph in entrypoints and Docker docs	2024-03-06 14:12:04 +01:00
Andrea Cappuccio	15f50553e9	Make text more readable in dark mode	2024-03-05 15:10:05 +01:00
Michael	b4ca02da86	Fix multiple dns provider documentation	2024-03-05 14:54:04 +01:00
Marc Mognol	deab4dae8e	Fix default value for peerCertURI option	2024-02-26 15:20:05 +01:00
Andi Sardina Ramos	f7edb394f2	chore(webui): Migrate to Quasar 2.x and Vue.js 3.x	2024-02-26 15:02:04 +01:00
Kevin Pollet	153765f99f	Allow to configure TLSStore default generated certificate with labels	2024-02-26 10:02:06 +01:00
Baptiste Mayelle	453e21c7c9	fix: add ipallowlist in dashboard	2024-02-19 16:50:05 +01:00
Ludovic Fernandez	8b759ab797	fix: int overflow during doc generation on 32 bit arch	2024-02-19 16:02:04 +01:00
Ludovic Fernandez	88a2020817	chore: update linter	2024-02-19 15:44:03 +01:00
Ludovic Fernandez	1034646ae2	Update releases page	2024-02-19 14:46:03 +01:00
Ludovic Fernandez	538f780a85	Update goreleaser configuration	2024-02-16 10:08:04 +01:00
Ludovic Fernandez	b931c8ae9b	Update releases page	2024-02-16 09:54:04 +01:00
Ludovic Fernandez	1e7dbc70a0	fix: don't allow routers higher than internal ones	2024-02-15 16:40:05 +01:00
xpac1985	6a2db4e4e9	Fix typo in statsd metrics docs	2024-02-15 15:20:04 +01:00
Michael	1ea98d3d31	Fix codename	2024-02-14 10:26:07 +01:00
Michael	0c8778639a	Prepare release v2.11.0	2024-02-12 16:14:04 +01:00
Robert Burton	8f29398573	Update the documentation for RateLimit to provide a better example	2024-02-12 09:44:11 +01:00
Julien Salleyron	676de5fb68	Fix file watcher	2024-02-09 11:08:05 +01:00
Ludovic Fernandez	d5cb9b50f4	Update to go1.22 Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>	2024-02-07 17:14:07 +01:00
Julien Salleyron	e11ff98608	Fix NTLM and Kerberos	2024-02-06 17:34:07 +01:00
Andi Sardina Ramos	8f9ad16f54	chore: Upgrade Node.js version	2024-02-06 09:00:07 +01:00
Michael	5d8b1949b7	fix: upgrade actions/upload-artifact to v4	2024-02-01 14:08:06 +01:00
Massimiliano D	f1104ada65	Fixes the Header Button	2024-02-01 10:52:07 +01:00
Immánuel!	3ba3ca6eb0	Fix the keepAlive options for the CLI examples	2024-01-31 17:00:06 +01:00
Asad Rizvi	4d539273ad	docs: include ECS as supported backend	2024-01-29 18:50:05 +01:00
Ludovic Fernandez	ef0e9c6f05	Update go-acme/lego to v4.15.0	2024-01-29 15:10:05 +01:00
Andi Sardina Ramos	49f04f2772	fix: URL encode resource's id before calling API endpoints	2024-01-25 09:56:05 +01:00
Ludovic Fernandez	03d2e35488	fix: remove snapshot from release target	2024-01-24 18:54:05 +01:00
Romain	547cd81599	Prepare release v2.11.0-rc2	2024-01-24 15:20:09 +01:00
Halimao	b5251c6ac4	misc(Makefile): add `help` target to display the help msg	2024-01-24 11:58:05 +01:00
Julien Salleyron	9befe0dd51	Fix flaky test	2024-01-23 16:46:05 +01:00
Michael	177c4b0ed1	fix: flakiness test on configuration watcher	2024-01-22 16:52:05 +01:00
Michael	8da38ec0a5	fix: tailscale is required for Docker Desktop users	2024-01-19 15:44:05 +01:00
Michael	a6d462f6e8	feat: upgrade gh-action os	2024-01-19 15:12:05 +01:00
Michael	39b0aa6650	Improve makefile	2024-01-17 11:12:05 +01:00
Michael	34d2a816c2	Enhance gendoc for Generating Static and Dynamic Reference Configuration Files	2024-01-16 10:32:05 +01:00
James Rasell	3a461d2f23	deps: update the Nomad API dependency to v1.7.2	2024-01-12 14:22:05 +01:00
Oliver Dvorski	e78374aa29	docs: slightly rewords the documentation	2024-01-10 15:12:07 +01:00
Michael	e522446909	Improve integration tests Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>	2024-01-09 17:00:07 +01:00
Ludovic Fernandez	cd8d5b8f10	chore: update github.com/docker/docker to v24.0.7	2024-01-05 15:10:05 +01:00
Baptiste Mayelle	eff294829f	Add missing TCP IPAllowList middleware constructor Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2024-01-04 14:58:05 +01:00
Michael	9adf0fb638	Prepare release v2.11.0-rc1	2024-01-03 11:12:05 +01:00
Julien Salleyron	56e2110dc5	Fix readHeaderTimeout in proxyproto	2024-01-02 22:02:05 +01:00
Ludovic Fernandez	5be13802dc	chore: update github.com/fsnotify/fsnotify to v1.7.0	2024-01-02 20:58:06 +01:00
Ludovic Fernandez	7345afd8b6	Update quic-go to v0.40.1	2024-01-02 20:36:06 +01:00
Romain	a84d5c0ef1	Adjust deprecation notice for Kubernetes CRD provider Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>	2024-01-02 20:04:06 +01:00
youpsla	2a9471d278	docs: fix typo	2024-01-02 19:12:06 +01:00
Domenico Andreoli	0042562678	docs: fix the explanation of the TLS challenge	2024-01-02 18:46:05 +01:00
Ari Yonaty	74ab88d47e	docs: fix description for anonymous usage statistics references	2024-01-02 18:20:06 +01:00
sven	6df9578ace	Update wording of compose example	2024-01-02 17:56:06 +01:00
sven	cd7d324295	Documentation enhancements	2024-01-02 17:30:06 +01:00
Landry Benguigui	0e92b02474	Deprecate IPWhiteList middleware in favor of IPAllowList Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2024-01-02 17:04:06 +01:00
Julien Salleyron	9662cdca64	Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints	2024-01-02 16:40:06 +01:00
Baptiste Mayelle	3dfaa3d5fa	Add Redis Sentinel support Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2024-01-02 16:16:05 +01:00
Baptiste Mayelle	60123a8f3f	Hash WRR sticky cookies Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2024-01-02 15:52:05 +01:00
Michael	2a7b2ef772	chore: happy new year 2024	2024-01-02 15:28:09 +01:00
Ludovic Fernandez	0a79643001	Prepare release v2.10.7	2023-12-06 16:42:09 +01:00
Suyash Choudhary	e77a66c2ac	Fixed datadog logs json format issue	2023-12-06 14:36:05 +01:00
Romain	dae0491b61	Prepare release v2.10.6	2023-11-28 15:46:10 +01:00
Никита Тимофеев	f4ddf25e41	Fixed stripPrefix middleware is not applied to retried attempts	2023-11-24 09:30:06 +01:00
Michael	789046f162	feat: upgrade codegen for kubernetes to v0.28.3	2023-11-22 11:28:06 +01:00
Romain	186e3e1541	Refuse recursive requests Co-authored-by: Michael <michael.matur@gmail.com>	2023-11-21 15:08:06 +01:00
Arend Hummeling	088fe3c270	docs: improve errorpages examples to avoid confusion	2023-11-17 16:30:06 +01:00
Ludovic Fernandez	553ef94047	chore: update linter	2023-11-17 01:50:06 +01:00
Landry Benguigui	12e50e20e6	Deny request with fragment in URL path Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2023-11-16 16:54:07 +01:00
Gérald Croës	cd326654a7	Guidelines Update	2023-11-15 11:24:05 +01:00
Gérald Croës	3de29433f8	docs: better visibility of the review process + maintainers team	2023-11-14 08:44:06 +01:00
Baptiste Mayelle	84516f962d	Remove backoff for http challenge Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2023-11-13 15:58:09 +01:00
Suyash Choudhary	f92b03a44d	Rephrase BasicAuth and DigestAuth docs	2023-11-10 09:32:05 +01:00
Kevin Pollet	085b70c94e	chore: update github.com/hashicorp/consul/api Co-authored-by: lbenguigui <lbenguigui@gmail.com>	2023-11-09 16:58:06 +01:00
Kevin Pollet	0e66ed87f8	Add @lbenguigui to maintainers	2023-11-09 15:28:05 +01:00
Michael	679975beec	fix: datadog tracer	2023-10-27 09:14:05 +02:00
Romain	8faed97e74	Add a mention for the host header in metrics headers labels doc Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>	2023-10-18 13:44:05 +02:00
Tom Moulard	0b4c582088	Update quic-go to v0.39.1	2023-10-17 17:00:06 +02:00
Michael	6a34f238ce	Prepare release v2.10.5	2023-10-11 15:50:05 +02:00
Romain	4b2c763cf3	update x/net and grpc/grpc-go Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com> Co-authored-by: lbenguigui <lbenguigui@gmail.com>	2023-10-11 12:48:05 +02:00
Dave Bendit	d03d8d53fd	Add missing accessControlAllowOriginListRegex to middleware view	2023-10-11 09:52:05 +02:00
Romain	e95fde5652	Fix preflight response status in access logs Co-authored-by: lbenguigui <lbenguigui@gmail.com>	2023-09-29 12:18:06 +02:00
Niall Newman	ab7993428d	Improve CNAME flattening to avoid unnecessary error logging	2023-09-28 12:00:06 +02:00
Romain	b966215e6c	Move origin fields capture to service level Co-authored-by: lbenguigui <lbenguigui@gmail.com>	2023-09-27 15:22:06 +02:00
Harold Ozouf	b786f58f80	fix: false positive in url anonymization	2023-09-26 08:28:25 +02:00
Yakun Sun	173154cf59	Ignore ErrKeyNotFound error for the KV provider	2023-09-25 16:38:07 +02:00
Ludovic Fernandez	c3880a69ca	Update quic-go to v0.39.0	2023-09-25 09:08:07 +02:00
Romain	4d63eb30f9	Allow X-Forwarded-For delete operation Co-authored-by: landrybe <lbenguigui@gmail.com>	2023-09-22 11:00:07 +02:00
Dylan Rodgers	dbc679dc30	Updates business callout in the documentation	2023-09-13 18:38:05 +02:00
Thomas Decaux	fc7f732029	doc: fix accessControlAllowHeaders examples	2023-09-12 23:52:05 +02:00
JabJ	ba912e1a93	Change Arvancloud URL	2023-09-09 15:26:05 +02:00
Weida Hong	3216c8ab10	Adjust forward auth to avoid connection leak	2023-09-09 12:36:05 +02:00
Ludovic Fernandez	561c580701	Update quic-go to v0.38.1	2023-09-05 09:34:05 +02:00
Ludovic Fernandez	3fd5c747a2	Update go-acme/lego to v4.14.0	2023-08-22 10:02:05 +02:00
Ludovic Fernandez	b6b6cef3da	Update quic-go to v0.38.0	2023-08-22 09:36:05 +02:00
Ludovic Fernandez	d651d1e7cf	Update quic-go to v0.37.6	2023-08-21 09:10:05 +02:00
Ludovic Fernandez	6f22b9e0a7	Update quic-go to v0.37.5	2023-08-17 15:40:05 +02:00
Ludovic Fernandez	f29325c679	Update to go1.21	2023-08-16 17:50:06 +02:00
Ludovic Fernandez	57780d8004	Update go-acme/lego to v4.13.3	2023-08-14 15:30:06 +02:00
Romain	1d85515aac	Remove healthcheck interval configuration warning	2023-08-08 18:10:05 +02:00
Aaron	d948784d38	correct minor typo in crd-acme docs	2023-08-08 10:00:05 +02:00
Michael	1ddb0afb24	fix: reduce disk usage during release Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>	2023-08-04 12:26:05 +02:00
Ludovic Fernandez	f518676238	Replace old security form by the GitHub report system	2023-07-27 16:50:06 +02:00
Alex Zhang	db3e8a7f5a	docs: describe the missing db parameter in redis provider	2023-07-27 16:02:05 +02:00
Ludovic Fernandez	0bd367ebbd	Prepare release v2.10.4	2023-07-24 16:44:05 +02:00
Ludovic Fernandez	3f93e9ea71	Remove CodeQL workflow from PR	2023-07-24 14:00:05 +02:00
Ludovic Fernandez	1709f3854c	Update go-acme/lego to v4.13.2	2023-07-24 09:32:05 +02:00
Ludovic Fernandez	ebde81e91c	chore: remove dead static configuration references	2023-07-24 08:40:05 +02:00
Ludovic Fernandez	47faae25d7	fix: traceability of the middleware plugins	2023-07-20 15:02:07 +02:00
Ludovic Fernandez	7792d197e6	Update go-acme/lego to v4.13.0	2023-07-20 14:36:07 +02:00
Jorge	deb4235028	Add CodeQL workflow	2023-07-20 04:10:05 +02:00
Ludovic Fernandez	bed6069e82	fix: avoid panic on resource backends	2023-07-19 17:36:06 +02:00
Massimiliano D	e29da5ad65	Updates the Hub tooltip content using a web component and adds an option to disable Hub button	2023-07-19 16:56:05 +02:00
Antony Chazapis	48de3b0230	Add support for RISC-V	2023-07-19 12:34:05 +02:00
Michael	00048a8351	fix: integration test with Go v1.20.6	2023-07-18 18:50:05 +02:00
Ludovic Fernandez	2df5defd36	chore: fix PyYAML version	2023-07-18 18:22:55 +02:00
Michael	aaa763b7af	Upgrade docs build stack	2023-07-10 13:48:05 +02:00
Gérald Croës	8a68ece2cc	Update maintainers guidelines	2023-07-03 15:10:05 +02:00
Romain	0a861716d4	Update release documentation	2023-06-20 17:12:05 +02:00
Ludovic Fernandez	7741c68eaa	Prepare release v2.10.3	2023-06-19 18:14:30 +02:00
Ludovic Fernandez	18077ff69a	Update go-acme/lego to v4.12.2	2023-06-19 18:08:05 +02:00
Michael	fa555d0d29	fix: Remove unnecessary data on release ci	2023-06-19 17:34:05 +02:00
Jakob Miksch	0e5898b2f8	Minor Typo	2023-06-19 14:36:05 +02:00
Ludovic Fernandez	aae76408e2	Prepare release v2.10.2	2023-06-19 12:00:06 +02:00
green1052	9cc9ed6a0c	Fix typo	2023-06-17 21:52:05 +02:00
LandryBe	e62fe64ec9	Encode query semicolons Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2023-06-15 18:20:06 +02:00
Romain	6885e410f0	Support informational headers in middlewares redefining the response writer. Co-authored-by: LandryBe <lbenguigui@gmail.com>	2023-06-14 17:42:44 +02:00
Philipp Trulson	68ed875966	Update DataDog tracing dependency to v1.50.1	2023-06-14 17:00:06 +02:00
Romain	d1bdeb3a92	Fix missing trailer with custom errors middleware Co-authored-by: LandryBe <lbenguigui@gmail.com>	2023-06-14 14:48:05 +02:00
Dylan Rodgers	878e7de56a	Add business callouts	2023-06-09 09:18:05 +02:00
Ludovic Fernandez	27353d0740	Update go-acme/lego to v4.12.1	2023-06-07 09:30:05 +02:00
Ludovic Fernandez	c5f23493ab	chore: update linter	2023-06-05 10:24:06 +02:00
Chromo-residuum-opec	db515195f0	docs: fix over-indented yaml configuration of access logs	2023-06-04 08:00:05 +02:00
Ludovic Fernandez	9aa57f362b	fix: improve error messages related to plugins	2023-06-02 11:34:06 +02:00
João Silva	6977b68b72	Fix multiple subsets endpoint	2023-05-31 11:40:05 +02:00
Ludovic Fernandez	8d8717d421	Update go-acme/lego to v4.12.0	2023-05-29 13:04:05 +02:00
Erikas	021f37ff71	Do not check for wildcard domains for non DNS challenge	2023-05-16 16:00:06 +02:00
Ludovic Fernandez	511762cbf3	fix: clean code related to Hub	2023-05-15 16:38:05 +02:00
Ludovic Fernandez	1522afe2ec	doc: add logo for GitHub dark mode	2023-05-10 09:54:05 +02:00
Romain	9c73c4c584	Enable Prometheus provider cleanup when only the router's metrics level is activated Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2023-05-09 17:38:05 +02:00
Ludovic Fernandez	8f206ce319	Update go-acme/lego to v4.11.0	2023-05-03 10:20:05 +02:00
Romain	65c59c9a09	Add FAQ documentation about TLS certificates	2023-04-28 17:56:05 +02:00
mloiseleur	e044e2b765	chore: update CI base OS	2023-04-28 15:36:05 +02:00