Prepare release v2.10.1

Co-authored-by: Romain <rtribotte@users.noreply.github.com>

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -6,12 +6,14 @@ body:
     attributes:
       label: Welcome!
       description: |
-        The issue tracker is for reporting bugs and feature requests only. For end-user related support questions, please refer to one of the following:
+        The issue tracker is for reporting bugs and feature requests only.
-        - the Traefik community forum: https://community.traefik.io/
+        For end-user related support questions, please use the [Traefik community forum](https://community.traefik.io/).
 
-        The configurations between 1.X and 2.X are NOT compatible. Please have a look [here](https://doc.traefik.io/traefik/getting-started/configuration-overview/).
+        All new/updated issues are triaged regularly by the maintainers.
+        All issues closed by a bot are subsequently double-checked by the maintainers.
 
         DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
+
       options:
         - label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any.
           required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -2,16 +2,16 @@
 PLEASE READ THIS MESSAGE.
 
 Documentation fixes or enhancements:
-- for Traefik v1: use branch v1.7
+- for Traefik v2: use branch v2.10
-- for Traefik v2: use branch v2.8
+- for Traefik v3: use branch v3.0
 
 Bug fixes:
-- for Traefik v1: use branch v1.7
+- for Traefik v2: use branch v2.10
-- for Traefik v2: use branch v2.8
+- for Traefik v3: use branch v3.0
 
 Enhancements:
-- for Traefik v1: we only accept bug fixes
+- for Traefik v2: we only accept bug fixes
-- for Traefik v2: use branch master
+- for Traefik v3: use branch master
 
 HOW TO WRITE A GOOD PULL REQUEST? https://doc.traefik.io/traefik/contributing/submitting-pull-requests/
 

.github/workflows/build.yaml

@@ -6,7 +6,7 @@ on:
       - '*'
 
 env:
-  GO_VERSION: 1.19
+  GO_VERSION: '1.20'
   CGO_ENABLED: 0
   IN_DOCKER: ""
 
@@ -56,7 +56,7 @@ jobs:
           fetch-depth: 0
 
       - name: Cache Go modules
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod

.github/workflows/check_doc.yml

@@ -19,3 +19,7 @@ jobs:
 
       - name: Check documentation
         run: make docs-pull-images docs
+        env:
+          # These variables are not passed to workflows that are triggered by a pull request from a fork.
+          DOCS_VERIFY_SKIP: ${{ vars.DOCS_VERIFY_SKIP }}
+          DOCS_LINT_SKIP: ${{ vars.DOCS_LINT_SKIP }}

.github/workflows/documentation.yml

@@ -7,7 +7,7 @@ on:
       - v*
 
 env:
-  STRUCTOR_VERSION: v1.11.2
+  STRUCTOR_VERSION: v1.13.2
   MIXTUS_VERSION: v0.4.1
 
 jobs:
@@ -41,7 +41,7 @@ jobs:
       - name: Build documentation
         run: $HOME/bin/structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug
         env:
-          STRUCTOR_LATEST_TAG: ${{ secrets.STRUCTOR_LATEST_TAG }}
+          STRUCTOR_LATEST_TAG: ${{ vars.STRUCTOR_LATEST_TAG }}
 
       - name: Apply seo
         run: $HOME/bin/seo -path=./site -product=traefik

.github/workflows/test-unit.yaml

@@ -6,7 +6,7 @@ on:
       - '*'
 
 env:
-  GO_VERSION: 1.19
+  GO_VERSION: '1.20'
   IN_DOCKER: ""
 
 jobs:
@@ -31,7 +31,7 @@ jobs:
           fetch-depth: 0
 
       - name: Cache Go modules
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod

.github/workflows/validate.yaml

@@ -6,9 +6,9 @@ on:
       - '*'
 
 env:
-  GO_VERSION: 1.19
+  GO_VERSION: '1.20'
-  GOLANGCI_LINT_VERSION: v1.49.0
+  GOLANGCI_LINT_VERSION: v1.52.2
-  MISSSPELL_VERSION: v0.3.4
+  MISSSPELL_VERSION: v0.4.0
   IN_DOCKER: ""
 
 jobs:
@@ -33,7 +33,7 @@ jobs:
           fetch-depth: 0
 
       - name: Cache Go modules
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
@@ -45,7 +45,7 @@ jobs:
         run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
 
       - name: Install missspell ${{ env.MISSSPELL_VERSION }}
-        run: curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION}
+        run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION}
 
       - name: Avoid generating webui
         run: touch webui/static/index.html
@@ -73,7 +73,7 @@ jobs:
           fetch-depth: 0
 
       - name: Cache Go modules
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod

.golangci.toml

@@ -1,246 +0,0 @@
-[run]
-  timeout = "10m"
-  skip-files = []
-  skip-dirs = [
-    "pkg/provider/kubernetes/crd/generated/",
-  ]
-
-[linters-settings]
-
-  [linters-settings.govet]
-    check-shadowing = false
-
-  [linters-settings.golint]
-    min-confidence = 0.0
-
-  [linters-settings.gocyclo]
-    min-complexity = 14.0
-
-  [linters-settings.goconst]
-    min-len = 3.0
-    min-occurrences = 4.0
-
-  [linters-settings.misspell]
-    locale = "US"
-
-  [linters-settings.funlen]
-    lines = 230 # default 60
-    statements = 120 # default 40
-
-  [linters-settings.forbidigo]
-    forbid = [
-      '^print(ln)?$',
-      '^spew\.Print(f|ln)?$',
-      '^spew\.Dump$',
-    ]
-
-  [linters-settings.depguard]
-    list-type = "blacklist"
-    include-go-root = false
-    packages = ["github.com/pkg/errors"]
-
-  [linters-settings.godox]
-    keywords = ["FIXME"]
-
-  [linters-settings.importas]
-    corev1 = "k8s.io/api/core/v1"
-    networkingv1beta1 = "k8s.io/api/networking/v1beta1"
-    extensionsv1beta1 = "k8s.io/api/extensions/v1beta1"
-    metav1 = "k8s.io/apimachinery/pkg/apis/meta/v1"
-    kubeerror = "k8s.io/apimachinery/pkg/api/errors"
-    composeapi = "github.com/docker/compose/v2/pkg/api"
-
-  [linters-settings.revive]
-    [[linters-settings.revive.rules]]
-      name = "struct-tag"
-    [[linters-settings.rules]]
-      name = "blank-imports"
-    [[linters-settings.rules]]
-      name = "context-as-argument"
-    [[linters-settings.rules]]
-      name = "context-keys-type"
-    [[linters-settings.rules]]
-      name = "dot-imports"
-    [[linters-settings.rules]]
-      name = "error-return"
-    [[linters-settings.rules]]
-      name = "error-strings"
-    [[linters-settings.rules]]
-      name = "error-naming"
-    [[linters-settings.rules]]
-      name = "exported"
-    [[linters-settings.rules]]
-      name = "if-return"
-    [[linters-settings.rules]]
-      name = "increment-decrement"
-    [[linters-settings.rules]]
-      name = "var-naming"
-    [[linters-settings.rules]]
-      name = "var-declaration"
-    [[linters-settings.rules]]
-      name = "package-comments"
-    [[linters-settings.rules]]
-      name = "range"
-    [[linters-settings.rules]]
-      name = "receiver-naming"
-    [[linters-settings.rules]]
-      name = "time-naming"
-    [[linters-settings.rules]]
-      name = "unexported-return"
-    [[linters-settings.rules]]
-      name = "indent-error-flow"
-    [[linters-settings.rules]]
-      name = "errorf"
-    [[linters-settings.rules]]
-      name = "empty-block"
-    [[linters-settings.rules]]
-      name = "superfluous-else"
-    [[linters-settings.rules]]
-      name = "unused-parameter"
-    [[linters-settings.rules]]
-      name = "unreachable-code"
-    [[linters-settings.rules]]
-      name = "redefines-builtin-id"
-
-  [linters-settings.gomoddirectives]
-    replace-allow-list = [
-      "github.com/abbot/go-http-auth",
-      "github.com/go-check/check",
-      "github.com/gorilla/mux",
-      "github.com/mailgun/minheap",
-      "github.com/mailgun/multibuf",
-      "github.com/jaguilar/vt100",
-    ]
-
-[linters]
-  enable-all = true
-  disable = [
-    "scopelint", # Deprecated
-    "interfacer", # Deprecated
-    "maligned", # Deprecated
-    "golint", # Deprecated
-    "exhaustivestruct",# Deprecated
-    "nosnakecase", # Deprecated
-    "ifshort", # Deprecated
-    "structcheck", # Deprecated
-    "varcheck", # Deprecated
-    "deadcode", # Deprecated
-    "execinquery", # Not relevant (SQL)
-    "sqlclosecheck", # Not relevant (SQL)
-    "rowserrcheck", # Not relevant (SQL)
-    "lll", # Not relevant
-    "gocyclo", # FIXME must be fixed
-    "cyclop", # Duplicate of gocyclo
-    "gocognit", # Too strict
-    "nestif", # Too many false-positive.
-    "prealloc", # Too many false-positive.
-    "makezero", # Not relevant
-    "dupl", # Too strict
-    "gosec", # Too strict
-    "gochecknoinits",
-    "gochecknoglobals",
-    "wsl", # Too strict
-    "nlreturn", # Not relevant
-    "gomnd", # Too strict
-    "stylecheck", # skip because report issues related to some generated files.
-    "testpackage", # Too strict
-    "tparallel", # Not relevant
-    "paralleltest", # Not relevant
-    "exhaustive", # Not relevant
-    "exhaustruct", # duplicate of exhaustivestruct
-    "goerr113", # Too strict
-    "wrapcheck", # Too strict
-    "noctx", # Too strict
-    "bodyclose", # Too many false-positive and panics.
-    "forcetypeassert", # Too strict
-    "tagliatelle", # Not compatible with current tags.
-    "varnamelen", # not relevant
-    "nilnil", # not relevant
-    "ireturn", # not relevant
-    "contextcheck", # too many false-positive
-    "containedctx", # too many false-positive
-    "maintidx", # kind of duplicate of gocyclo
-    "nonamedreturns", # not relevant
-  ]
-
-[issues]
-  exclude-use-default = false
-  max-per-linter = 0
-  max-same-issues = 0
-  exclude = [
-    "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked",
-    "should have a package comment, unless it's in another file for this package",
-    "SA1019: http.CloseNotifier has been deprecated",  # FIXME must be fixed
-    "SA1019: cfg.SSLRedirect is deprecated",
-    "SA1019: cfg.SSLTemporaryRedirect is deprecated",
-    "SA1019: cfg.SSLHost is deprecated",
-    "SA1019: cfg.SSLForceHost is deprecated",
-    "SA1019: cfg.FeaturePolicy is deprecated",
-    "SA1019: c.Providers.ConsulCatalog.Namespace is deprecated",
-    "SA1019: c.Providers.Consul.Namespace is deprecated",
-  ]
- [[issues.exclude-rules]]
-    path = "(.+)_test.go"
-    linters = ["goconst", "funlen", "godot", "nosnakecase"]
- [[issues.exclude-rules]]
-    path = "(.+)_test.go"
-    text = " always receives "
-    linters = [ "unparam" ]
- [[issues.exclude-rules]]
-    path = "integration/.+_test.go"
-    text = "Error return value of `cmd\\.Process\\.Kill` is not checked"
- [[issues.exclude-rules]]
-    path = "integration/(consul_catalog_test|constraint_test).go"
-    text = "Error return value of `(s.deregisterService|s.deregisterAgentService)` is not checked"
- [[issues.exclude-rules]]
-    path = "integration/grpc_test.go"
-    text = "Error return value of `closer` is not checked"
- [[issues.exclude-rules]]
-    path = "pkg/h2c/h2c.go"
-    text = "Error return value of `rw.Write` is not checked"
- [[issues.exclude-rules]]
-    path = "pkg/provider/docker/builder_test.go"
-    text = "(U1000: func )?`(.+)` is unused"
- [[issues.exclude-rules]]
-    path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go"
-    text = "(U1000: func )?`(.+)` is unused"
- [[issues.exclude-rules]]
-    path = "pkg/server/service/bufferpool.go"
-    text = "SA6002: argument should be pointer-like to avoid allocations"
- [[issues.exclude-rules]]
-    path = "cmd/configuration.go"
-    text = "string `traefik` has (\\d) occurrences, make it a constant"
- [[issues.exclude-rules]]
-    path = "pkg/server/middleware/middlewares.go"
-    text = "Function 'buildConstructor' has too many statements"
- [[issues.exclude-rules]]
-    path = "pkg/tracing/haystack/logger.go"
-    linters = ["goprintffuncname"]
- [[issues.exclude-rules]]
-    path = "pkg/tracing/tracing.go"
-    text = "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
- [[issues.exclude-rules]]
-    path = "pkg/log/deprecated.go"
-    linters = ["godot"]
- [[issues.exclude-rules]]
-    path = "(.+)\\.go"
-    text = "struct-tag: unknown option 'inline' in JSON tag"
- [[issues.exclude-rules]]
-    path = "pkg/server/router/tcp/manager.go"
-    text = "Function 'buildEntryPointHandler' is too long (.+)"
- [[issues.exclude-rules]]
-    path = "pkg/tls/tlsmanager_test.go"
-    text = "SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18"
- [[issues.exclude-rules]]
-    path = "pkg/types/tls_test.go"
-    text = "SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18"
- [[issues.exclude-rules]]
-    path = "pkg/provider/kubernetes/(crd|gateway)/client.go"
-    linters = ["interfacebloat"]
- [[issues.exclude-rules]]
-    path = "pkg/metrics/metrics.go"
-    linters = ["interfacebloat"]
- [[issues.exclude-rules]]
-    path = "pkg/provider/acme/provider.go"
-    text = "\\(\\*Provider\\)\\.resolveCertificate - result 0 \\(\\*github.com/go-acme/lego/v4/certificate.Resource\\) is never used"
-

.golangci.yml

@@ -0,0 +1,267 @@
+run:
+  timeout: 10m
+  skip-files: []
+  skip-dirs:
+    - pkg/provider/kubernetes/crd/generated/
+
+linters-settings:
+  govet:
+    enable-all: true
+    disable:
+      - shadow
+      - fieldalignment
+  gocyclo:
+    min-complexity: 14
+  goconst:
+    min-len: 3
+    min-occurrences: 4
+  misspell:
+    locale: US
+  funlen:
+    lines: -1
+    statements: 120
+  forbidigo:
+    forbid:
+      - ^print(ln)?$
+      - ^spew\.Print(f|ln)?$
+      - ^spew\.Dump$
+  depguard:
+    list-type: denylist
+    include-go-root: false
+    packages:
+      - github.com/pkg/errors
+  godox:
+    keywords:
+      - FIXME
+  importas:
+    no-unaliased: true
+    alias:
+      - alias: composeapi
+        pkg: github.com/docker/compose/v2/pkg/api
+
+      # Standard Kubernetes rewrites:
+      - alias: corev1
+        pkg: "k8s.io/api/core/v1"
+      - alias: netv1
+        pkg: "k8s.io/api/networking/v1"
+      - alias: netv1beta1
+        pkg: "k8s.io/api/networking/v1beta1"
+      - alias: admv1
+        pkg: "k8s.io/api/admission/v1"
+      - alias: admv1beta1
+        pkg: "k8s.io/api/admission/v1beta1"
+      - alias: extv1beta1
+        pkg: "k8s.io/api/extensions/v1beta1"
+      - alias: metav1
+        pkg: "k8s.io/apimachinery/pkg/apis/meta/v1"
+      - alias: ktypes
+        pkg: "k8s.io/apimachinery/pkg/types"
+      - alias: kerror
+        pkg: "k8s.io/apimachinery/pkg/api/errors"
+      - alias: kclientset
+        pkg: "k8s.io/client-go/kubernetes"
+      - alias: kinformers
+        pkg: "k8s.io/client-go/informers"
+      - alias: ktesting
+        pkg: "k8s.io/client-go/testing"
+      - alias: kschema
+        pkg: "k8s.io/apimachinery/pkg/runtime/schema"
+      - alias: kscheme
+        pkg: "k8s.io/client-go/kubernetes/scheme"
+      - alias: kversion
+        pkg: "k8s.io/apimachinery/pkg/version"
+      - alias: kubefake
+        pkg: "k8s.io/client-go/kubernetes/fake"
+      - alias: discoveryfake
+        pkg: "k8s.io/client-go/discovery/fake"
+
+      # Kubernetes Gateway rewrites:
+      - alias: gateclientset
+        pkg: "sigs.k8s.io/gateway-api/pkg/client/clientset/gateway/versioned"
+      - alias: gateinformers
+        pkg: "sigs.k8s.io/gateway-api/pkg/client/informers/gateway/externalversions"
+      - alias: gatev1alpha2
+        pkg: "sigs.k8s.io/gateway-api/apis/v1alpha2"
+
+      # Traefik Kubernetes rewrites:
+      - alias: containousv1alpha1
+        pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikcontainous/v1alpha1"
+      - alias: traefikv1alpha1
+        pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikio/v1alpha1"
+      - alias: traefikclientset
+        pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned"
+      - alias: traefikinformers
+        pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/informers/externalversions"
+      - alias: traefikscheme
+        pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme"
+      - alias: traefikcrdfake
+        pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake"
+  tagalign:
+    align: false
+    sort: true
+    order:
+      - description
+      - json
+      - toml
+      - yaml
+      - yml
+      - label
+      - label-slice-as-struct
+      - file
+      - kv
+      - export
+  revive:
+    rules:
+      - name: struct-tag
+      - name: blank-imports
+      - name: context-as-argument
+      - name: context-keys-type
+      - name: dot-imports
+      - name: error-return
+      - name: error-strings
+      - name: error-naming
+      - name: exported
+        disabled: true
+      - name: if-return
+      - name: increment-decrement
+      - name: var-naming
+      - name: var-declaration
+      - name: package-comments
+        disabled: true
+      - name: range
+      - name: receiver-naming
+      - name: time-naming
+      - name: unexported-return
+      - name: indent-error-flow
+      - name: errorf
+      - name: empty-block
+      - name: superfluous-else
+      - name: unused-parameter
+        disabled: true
+      - name: unreachable-code
+      - name: redefines-builtin-id
+  gomoddirectives:
+    replace-allow-list:
+      - github.com/abbot/go-http-auth
+      - github.com/go-check/check
+      - github.com/gorilla/mux
+      - github.com/mailgun/minheap
+      - github.com/mailgun/multibuf
+      - github.com/jaguilar/vt100
+
+linters:
+  enable-all: true
+  disable:
+    - deadcode # deprecated
+    - exhaustivestruct # deprecated
+    - golint # deprecated
+    - ifshort # deprecated
+    - interfacer # deprecated
+    - maligned # deprecated
+    - nosnakecase # deprecated
+    - scopelint # deprecated
+    - scopelint # deprecated
+    - structcheck # deprecated
+    - varcheck # deprecated
+    - sqlclosecheck # not relevant (SQL)
+    - rowserrcheck # not relevant (SQL)
+    - execinquery # not relevant (SQL)
+    - cyclop # duplicate of gocyclo
+    - lll # Not relevant
+    - gocyclo # FIXME must be fixed
+    - gocognit # Too strict
+    - nestif # Too many false-positive.
+    - prealloc # Too many false-positive.
+    - makezero # Not relevant
+    - dupl # Too strict
+    - gosec # Too strict
+    - gochecknoinits
+    - gochecknoglobals
+    - wsl # Too strict
+    - nlreturn # Not relevant
+    - gomnd # Too strict
+    - stylecheck # skip because report issues related to some generated files.
+    - testpackage # Too strict
+    - tparallel # Not relevant
+    - paralleltest # Not relevant
+    - exhaustive # Not relevant
+    - exhaustruct # Not relevant
+    - goerr113 # Too strict
+    - wrapcheck # Too strict
+    - noctx # Too strict
+    - bodyclose # too many false-positive
+    - forcetypeassert # Too strict
+    - tagliatelle # Too strict
+    - varnamelen # Not relevant
+    - nilnil # Not relevant
+    - ireturn # Not relevant
+    - contextcheck # too many false-positive
+    - containedctx # too many false-positive
+    - maintidx # kind of duplicate of gocyclo
+    - nonamedreturns # Too strict
+
+issues:
+  exclude-use-default: false
+  max-per-linter: 0
+  max-same-issues: 0
+  exclude:
+    - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
+    - "should have a package comment, unless it's in another file for this package"
+    - 'SA1019: http.CloseNotifier has been deprecated' # FIXME must be fixed
+    - 'SA1019: cfg.SSLRedirect is deprecated'
+    - 'SA1019: cfg.SSLTemporaryRedirect is deprecated'
+    - 'SA1019: cfg.SSLHost is deprecated'
+    - 'SA1019: cfg.SSLForceHost is deprecated'
+    - 'SA1019: cfg.FeaturePolicy is deprecated'
+    - 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
+    - 'SA1019: c.Providers.Consul.Namespace is deprecated'
+    - 'SA1019: c.Providers.Nomad.Namespace is deprecated'
+  exclude-rules:
+    - path: '(.+)_test.go'
+      linters:
+        - goconst
+        - funlen
+        - godot
+    - path: '(.+)_test.go'
+      text: ' always receives '
+      linters:
+        - unparam
+    - path: '(.+)\.go'
+      text: 'struct-tag: unknown option ''inline'' in JSON tag'
+      linters:
+        - revive
+    - path: pkg/server/service/bufferpool.go
+      text: 'SA6002: argument should be pointer-like to avoid allocations'
+    - path: pkg/server/middleware/middlewares.go
+      text: "Function 'buildConstructor' has too many statements"
+      linters:
+        - funlen
+    - path: pkg/tracing/haystack/logger.go
+      linters:
+        - goprintffuncname
+    - path: pkg/tracing/tracing.go
+      text: "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
+      linters:
+        - goprintffuncname
+    - path: pkg/tls/tlsmanager_test.go
+      text: 'SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18'
+    - path: pkg/types/tls_test.go
+      text: 'SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18'
+    - path: pkg/provider/kubernetes/(crd|gateway)/client.go
+      linters:
+        - interfacebloat
+    - path: pkg/metrics/metrics.go
+      linters:
+        - interfacebloat
+    - path: integration/healthcheck_test.go
+      text: 'Duplicate words \(wsp2,\) found'
+      linters:
+        - dupword
+    - path: pkg/types/domain_test.go
+      text: 'Duplicate words \(sub\) found'
+      linters:
+        - dupword
+    - path: pkg/provider/kubernetes/gateway/client_mock_test.go
+      text: 'unusedwrite: unused write to field'
+      linters:
+        - govet

.goreleaser.yml

@@ -22,22 +22,23 @@ builds:
       - openbsd
     goarch:
       - amd64
-      - 386
+      - '386'
       - arm
       - arm64
       - ppc64le
       - s390x
     goarm:
-      - 7
+      - '7'
-      - 6
+      - '6'
-      - 5
     ignore:
       - goos: darwin
-        goarch: 386
+        goarch: '386'
       - goos: openbsd
         goarch: arm
       - goos: openbsd
         goarch: arm64
+      - goos: freebsd
+        goarch: arm
       - goos: freebsd
         goarch: arm64
       - goos: windows

.semaphore/semaphore.yml

@@ -19,13 +19,13 @@ global_job_config:
   prologue:
     commands:
       - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
-      - sudo semgo go1.19
+      - sudo semgo go1.20
       - export "GOPATH=$(go env GOPATH)"
       - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
       - export "PATH=${GOPATH}/bin:${PATH}"
       - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
       - export GOPROXY=https://proxy.golang.org,direct
-      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.49.0
+      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.52.2
       - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
       - checkout
       - cache restore traefik-$(checksum go.sum)
@@ -64,7 +64,7 @@ blocks:
         - name: GH_VERSION
           value: 1.12.1
         - name: CODENAME
-          value: "beaufort"
+          value: "saintmarcelin"
         - name: IN_DOCKER
           value: ""
       prologue:

CHANGELOG.md

@@ -1,3 +1,298 @@
+## [v2.10.1](https://github.com/traefik/traefik/tree/v2.10.1) (2023-04-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.10.0...v2.10.1)
+
+**Bug fixes:**
+- **[middleware,oxy]** Update vulcand/oxy to be5cf38 ([#9874](https://github.com/traefik/traefik/pull/9874) by [rtribotte](https://github.com/rtribotte))
+
+**Documentation:**
+- Fix v2.10 migration guide ([#9863](https://github.com/traefik/traefik/pull/9863) by [rtribotte](https://github.com/rtribotte))
+
+## [v2.10.0](https://github.com/traefik/traefik/tree/v2.10.0) (2023-04-24)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v2.10.0)
+
+**Enhancements:**
+- **[docker]** Expose ContainerName in Docker provider ([#9770](https://github.com/traefik/traefik/pull/9770) by [quinot](https://github.com/quinot))
+- **[hub]** Remove hub configuration out of experimental ([#9792](https://github.com/traefik/traefik/pull/9792) by [mpl](https://github.com/mpl))
+- **[k8s/crd]** Introduce traefik.io API Group CRDs ([#9765](https://github.com/traefik/traefik/pull/9765) by [rtribotte](https://github.com/rtribotte))
+- **[k8s/ingress,k8s/crd,k8s]** Native Kubernetes service load-balancing ([#9740](https://github.com/traefik/traefik/pull/9740) by [rtribotte](https://github.com/rtribotte))
+- **[middleware,metrics]** Add prometheus metric requests_total with headers ([#9783](https://github.com/traefik/traefik/pull/9783) by [rtribotte](https://github.com/rtribotte))
+- **[nomad]** Support multiple namespaces in the Nomad Provider ([#9794](https://github.com/traefik/traefik/pull/9794) by [rtribotte](https://github.com/rtribotte))
+- **[tracing]** Add support to send DataDog traces via Unix Socket ([#9714](https://github.com/traefik/traefik/pull/9714) by [der-eismann](https://github.com/der-eismann))
+- **[webui]** Modify the Hub Button ([#9851](https://github.com/traefik/traefik/pull/9851) by [mdeliatf](https://github.com/mdeliatf))
+- **[webui]** Display period setting of the RateLimit middleware in the webui ([#9822](https://github.com/traefik/traefik/pull/9822) by [smatyas](https://github.com/smatyas))
+
+**Bug fixes:**
+- **[docker]** Only warn about missing docker network when network_mode is not host or container ([#9799](https://github.com/traefik/traefik/pull/9799) by [sentriz](https://github.com/sentriz))
+- **[k8s/ingress,k8s]** Bump k8s.io/client-go from v0.22.1 to v0.26.3 ([#9808](https://github.com/traefik/traefik/pull/9808) by [ldez](https://github.com/ldez))
+- **[plugins]** Improve DeepCopy of PluginConf ([#9846](https://github.com/traefik/traefik/pull/9846) by [ldez](https://github.com/ldez))
+- **[plugins]** Update Yaegi to v0.15.1 ([#9815](https://github.com/traefik/traefik/pull/9815) by [ldez](https://github.com/ldez))
+- **[server]** Update vulcand/oxy to 03de175b3822 ([#9849](https://github.com/traefik/traefik/pull/9849) by [longit644](https://github.com/longit644))
+
+**Documentation:**
+- Prepare release v2.10.0-rc1 ([#9802](https://github.com/traefik/traefik/pull/9802) by [ldez](https://github.com/ldez))
+- Fix order of log levels ([#9791](https://github.com/traefik/traefik/pull/9791) by [svx](https://github.com/svx))
+- **[docker]** Update wording - add link descriptions ([#9816](https://github.com/traefik/traefik/pull/9816) by [svx](https://github.com/svx))
+- **[middleware]** Add accessControlAllowHeaders example ([#9810](https://github.com/traefik/traefik/pull/9810) by [yingshaoxo](https://github.com/yingshaoxo))
+- **[tls]** More details on Kubernetes options for mTLS ([#9835](https://github.com/traefik/traefik/pull/9835) by [mloiseleur](https://github.com/mloiseleur))
+- Prepare release v2.10.0-rc2 ([#9830](https://github.com/traefik/traefik/pull/9830) by [mpl](https://github.com/mpl))
+- Update Call To Actions ([#9824](https://github.com/traefik/traefik/pull/9824) by [svx](https://github.com/svx))
+- Improve concepts page ([#9813](https://github.com/traefik/traefik/pull/9813) by [svx](https://github.com/svx))
+- Update wording ([#9811](https://github.com/traefik/traefik/pull/9811) by [svx](https://github.com/svx))
+
+**Misc:**
+- Merge branch v2.9 into v2.10 ([#9798](https://github.com/traefik/traefik/pull/9798) by [ldez](https://github.com/ldez))
+- Merge branch v2.9 into v2.10 ([#9829](https://github.com/traefik/traefik/pull/9829) by [mpl](https://github.com/mpl))
+
+## [v2.10.0-rc2](https://github.com/traefik/traefik/tree/v2.10.0-rc2) (2023-04-07)
+[All Commits](https://github.com/traefik/traefik/compare/v2.10.0-rc1...v2.10.0-rc2)
+
+**Enhancements:**
+- **[webui]** Display period setting of the RateLimit middleware in the webui ([#9822](https://github.com/traefik/traefik/pull/9822) by [smatyas](https://github.com/smatyas))
+
+**Bug fixes:**
+- **[docker]** Only warn about missing docker network when network_mode is not host or container ([#9799](https://github.com/traefik/traefik/pull/9799) by [sentriz](https://github.com/sentriz))
+- **[k8s/ingress,k8s]** chore: bump k8s.io/client-go from v0.22.1 to v0.26.3 ([#9808](https://github.com/traefik/traefik/pull/9808) by [ldez](https://github.com/ldez))
+- **[plugins]** Update Yaegi to v0.15.1 ([#9815](https://github.com/traefik/traefik/pull/9815) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[docker]** Update wording - add link descriptions ([#9816](https://github.com/traefik/traefik/pull/9816) by [svx](https://github.com/svx))
+- **[middleware]** Add accessControlAllowHeaders example ([#9810](https://github.com/traefik/traefik/pull/9810) by [yingshaoxo](https://github.com/yingshaoxo))
+- Update Call To Actions ([#9824](https://github.com/traefik/traefik/pull/9824) by [svx](https://github.com/svx))
+- Improve concepts page ([#9813](https://github.com/traefik/traefik/pull/9813) by [svx](https://github.com/svx))
+- Update wording ([#9811](https://github.com/traefik/traefik/pull/9811) by [svx](https://github.com/svx))
+
+## [v2.9.10](https://github.com/traefik/traefik/tree/v2.9.10) (2023-04-06)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.9...v2.9.10)
+
+## [v2.10.0-rc1](https://github.com/traefik/traefik/tree/v2.10.0-rc1) (2023-03-22)
+[All Commits](https://github.com/traefik/traefik/compare/b3f162a8a61d89beaa9edc8adc12cc4cb3e1de0f...v2.10.0-rc1)
+
+**Enhancements:**
+- **[docker]** Expose ContainerName in Docker provider ([#9770](https://github.com/traefik/traefik/pull/9770) by [quinot](https://github.com/quinot))
+- **[hub]** hub: get out of experimental. ([#9792](https://github.com/traefik/traefik/pull/9792) by [mpl](https://github.com/mpl))
+- **[k8s/crd]** Introduce traefik.io API Group CRDs ([#9765](https://github.com/traefik/traefik/pull/9765) by [rtribotte](https://github.com/rtribotte))
+- **[k8s/ingress,k8s/crd,k8s]** Native Kubernetes service load-balancing ([#9740](https://github.com/traefik/traefik/pull/9740) by [rtribotte](https://github.com/rtribotte))
+- **[middleware,metrics]** Add prometheus metric requests_total with headers ([#9783](https://github.com/traefik/traefik/pull/9783) by [rtribotte](https://github.com/rtribotte))
+- **[nomad]** Support multiple namespaces in the Nomad Provider ([#9794](https://github.com/traefik/traefik/pull/9794) by [rtribotte](https://github.com/rtribotte))
+- **[tracing]** Add support to send DataDog traces via Unix Socket ([#9714](https://github.com/traefik/traefik/pull/9714) by [der-eismann](https://github.com/der-eismann))
+
+**Documentation:**
+- docs: update order of log levels ([#9791](https://github.com/traefik/traefik/pull/9791) by [svx](https://github.com/svx))
+
+**Misc:**
+- Merge current v2.9 into v2.10 ([#9798](https://github.com/traefik/traefik/pull/9798) by [ldez](https://github.com/ldez))
+
+## [v2.9.9](https://github.com/traefik/traefik/tree/v2.9.9) (2023-03-21)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.8...v2.9.9)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.10.2 ([#9749](https://github.com/traefik/traefik/pull/9749) by [ldez](https://github.com/ldez))
+- **[http3]** Update quic-go to v0.33.0 ([#9737](https://github.com/traefik/traefik/pull/9737) by [ldez](https://github.com/ldez))
+- **[metrics]** Include user-defined default cert for traefik_tls_certs_not_after metric ([#9742](https://github.com/traefik/traefik/pull/9742) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Update vulcand/oxy to a0e9f7ff1040 ([#9750](https://github.com/traefik/traefik/pull/9750) by [ldez](https://github.com/ldez))
+- **[nomad]** Fix default configuration settings for Nomad Provider ([#9758](https://github.com/traefik/traefik/pull/9758) by [aofei](https://github.com/aofei))
+- **[nomad]** Fix Nomad client TLS defaults ([#9795](https://github.com/traefik/traefik/pull/9795) by [rtribotte](https://github.com/rtribotte))
+- **[server]** Remove User-Agent header removal from ReverseProxy director func ([#9752](https://github.com/traefik/traefik/pull/9752) by [rtribotte](https://github.com/rtribotte))
+
+**Documentation:**
+- **[middleware]** Clarify ratelimit middleware ([#9777](https://github.com/traefik/traefik/pull/9777) by [mpl](https://github.com/mpl))
+- **[tcp]** Correcting variable name 'server address' in TCP Router ([#9743](https://github.com/traefik/traefik/pull/9743) by [ralphg6](https://github.com/ralphg6))
+
+## [v2.9.8](https://github.com/traefik/traefik/tree/v2.9.8) (2023-02-15)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.7...v2.9.8)
+
+**Bug fixes:**
+- **[server]** Update golang.org/x/net to v0.7.0 ([#9716](https://github.com/traefik/traefik/pull/9716) by [ldez](https://github.com/ldez))
+
+## [v2.9.7](https://github.com/traefik/traefik/tree/v2.9.7) (2023-02-14)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.6...v2.9.7)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.10.0 ([#9705](https://github.com/traefik/traefik/pull/9705) by [ldez](https://github.com/ldez))
+- **[ecs]** Prevent panicking when a container has no network interfaces ([#9661](https://github.com/traefik/traefik/pull/9661) by [rtribotte](https://github.com/rtribotte))
+- **[file]** Make file provider more resilient wrt first configuration ([#9595](https://github.com/traefik/traefik/pull/9595) by [mpl](https://github.com/mpl))
+- **[logs]** Differentiate UDP stream and TCP connection in logs ([#9687](https://github.com/traefik/traefik/pull/9687) by [rtribotte](https://github.com/rtribotte))
+- **[middleware]** Prevent from no rate limiting when average is zero ([#9621](https://github.com/traefik/traefik/pull/9621) by [witalisoft](https://github.com/witalisoft))
+- **[middleware]** Prevents superfluous WriteHeader call in the error middleware ([#9620](https://github.com/traefik/traefik/pull/9620) by [tomMoulard](https://github.com/tomMoulard))
+- **[middleware]** Sanitize X-Forwarded-Proto header in RedirectScheme middleware ([#9598](https://github.com/traefik/traefik/pull/9598) by [ldez](https://github.com/ldez))
+- **[plugins]** Update paerser to v0.2.0 ([#9671](https://github.com/traefik/traefik/pull/9671) by [ldez](https://github.com/ldez))
+- **[plugins]** Update Yaegi to v0.15.0 ([#9700](https://github.com/traefik/traefik/pull/9700) by [ldez](https://github.com/ldez))
+- **[tls,http3]** Bump quic-go to 89769f409f ([#9685](https://github.com/traefik/traefik/pull/9685) by [mpl](https://github.com/mpl))
+- **[tls,tcp]** Adds the support for IPv6 in the TCP HostSNI matcher ([#9692](https://github.com/traefik/traefik/pull/9692) by [rtribotte](https://github.com/rtribotte))
+
+**Documentation:**
+- **[acme]** Add CNAME support and gotchas ([#9698](https://github.com/traefik/traefik/pull/9698) by [mpl](https://github.com/mpl))
+- **[acme]** Further Let's Encrypt ratelimit warnings ([#9627](https://github.com/traefik/traefik/pull/9627) by [hcooper](https://github.com/hcooper))
+- **[k8s]** Add info admonition about routing to k8 services ([#9645](https://github.com/traefik/traefik/pull/9645) by [svx](https://github.com/svx))
+- **[k8s]** Improve TLSStore CRD documentation ([#9579](https://github.com/traefik/traefik/pull/9579) by [mloiseleur](https://github.com/mloiseleur))
+- **[middleware]** doc: add note about remoteaddr strategy ([#9701](https://github.com/traefik/traefik/pull/9701) by [mpl](https://github.com/mpl))
+- Update copyright to match new standard ([#9651](https://github.com/traefik/traefik/pull/9651) by [paulocfjunior](https://github.com/paulocfjunior))
+- Update copyright for 2023 ([#9631](https://github.com/traefik/traefik/pull/9631) by [kevinpollet](https://github.com/kevinpollet))
+- Update submitting pull requests to include language about drafts ([#9609](https://github.com/traefik/traefik/pull/9609) by [tfny](https://github.com/tfny))
+
+## [v2.9.6](https://github.com/traefik/traefik/tree/v2.9.6) (2022-12-07)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.5...v2.9.6)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.9.1 ([#9550](https://github.com/traefik/traefik/pull/9550) by [ldez](https://github.com/ldez))
+- **[k8s/crd]** Support of allowEmptyServices in TraefikService ([#9424](https://github.com/traefik/traefik/pull/9424) by [jeromeguiard](https://github.com/jeromeguiard))
+- **[logs]** Remove logs of the request ([#9574](https://github.com/traefik/traefik/pull/9574) by [ldez](https://github.com/ldez))
+- **[plugins]** Increase the timeout on plugin download ([#9529](https://github.com/traefik/traefik/pull/9529) by [ldez](https://github.com/ldez))
+- **[server]** Update golang.org/x/net ([#9582](https://github.com/traefik/traefik/pull/9582) by [ldez](https://github.com/ldez))
+- **[tls]** Handle broken TLS conf better ([#9572](https://github.com/traefik/traefik/pull/9572) by [mpl](https://github.com/mpl))
+- **[tracing]** Update DataDog tracing dependency to v1.43.1 ([#9526](https://github.com/traefik/traefik/pull/9526) by [rtribotte](https://github.com/rtribotte))
+- **[webui]** Add missing serialNumber passTLSClientCert option to middleware panel ([#9539](https://github.com/traefik/traefik/pull/9539) by [rtribotte](https://github.com/rtribotte))
+
+**Documentation:**
+- **[docker]** Add networking example ([#9542](https://github.com/traefik/traefik/pull/9542) by [Janik-Haag](https://github.com/Janik-Haag))
+- **[hub]** Add information about the Hub Agent ([#9560](https://github.com/traefik/traefik/pull/9560) by [nmengin](https://github.com/nmengin))
+- **[k8s/helm]** Update Helm installation section ([#9564](https://github.com/traefik/traefik/pull/9564) by [mloiseleur](https://github.com/mloiseleur))
+- **[middleware]** Clarify PathPrefix matcher greediness ([#9519](https://github.com/traefik/traefik/pull/9519) by [mpl](https://github.com/mpl))
+
+## [v2.9.5](https://github.com/traefik/traefik/tree/v2.9.5) (2022-11-17)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.4...v2.9.5)
+
+**Bug fixes:**
+- **[logs,middleware]** Create a new capture instance for each incoming request ([#9510](https://github.com/traefik/traefik/pull/9510) by [sdelicata](https://github.com/sdelicata))
+
+**Documentation:**
+- **[k8s/helm]** Update helm repository ([#9506](https://github.com/traefik/traefik/pull/9506) by [charlie-haley](https://github.com/charlie-haley))
+- Enhance wording of building-testing page ([#9509](https://github.com/traefik/traefik/pull/9509) by [svx](https://github.com/svx))
+- Add link descriptions and update wording ([#9507](https://github.com/traefik/traefik/pull/9507) by [svx](https://github.com/svx))
+- Removes the experimental tag on the Traefik Hub header ([#9498](https://github.com/traefik/traefik/pull/9498) by [tfny](https://github.com/tfny))
+
+## [v2.9.4](https://github.com/traefik/traefik/tree/v2.9.4) (2022-10-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.4)
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v4.9.0 ([#9413](https://github.com/traefik/traefik/pull/9413) by [tony-defa](https://github.com/tony-defa))
+- **[kv,redis]** Fix Redis configuration type ([#9435](https://github.com/traefik/traefik/pull/9435) by [ldez](https://github.com/ldez))
+- **[logs,middleware,metrics]** Handle capture on redefined http.responseWriters ([#9440](https://github.com/traefik/traefik/pull/9440) by [rtribotte](https://github.com/rtribotte))
+- **[middleware,k8s]** Remove raw cert escape in PassTLSClientCert middleware ([#9412](https://github.com/traefik/traefik/pull/9412) by [rtribotte](https://github.com/rtribotte))
+- **[plugins]** Update Yaegi to v0.14.3 ([#9468](https://github.com/traefik/traefik/pull/9468) by [ldez](https://github.com/ldez))
+- Remove side effect on default transport tests ([#9460](https://github.com/traefik/traefik/pull/9460) by [sdelicata](https://github.com/sdelicata))
+
+**Documentation:**
+- **[k8s]** Fix links to gateway API guides ([#9445](https://github.com/traefik/traefik/pull/9445) by [kevinpollet](https://github.com/kevinpollet))
+- Simplify dashboard rule example ([#9454](https://github.com/traefik/traefik/pull/9454) by [sosoba](https://github.com/sosoba))
+- Add v2.9 to release page ([#9438](https://github.com/traefik/traefik/pull/9438) by [kevinpollet](https://github.com/kevinpollet))
+
+## [v2.9.3](https://github.com/traefik/traefik/tree/v2.9.3) (2022-10-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.3)
+
+Release canceled.
+
+## [v2.9.2](https://github.com/traefik/traefik/tree/v2.9.2) (2022-10-27)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.1...v2.9.2)
+
+Release canceled.
+
+## [v2.9.1](https://github.com/traefik/traefik/tree/v2.9.1) (2022-10-03)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v2.9.1)
+
+**Enhancements:**
+- **[acme,tls]** ACME Default Certificate ([#9189](https://github.com/traefik/traefik/pull/9189) by [rtribotte](https://github.com/rtribotte))
+- **[consul,etcd,zk,kv,redis]** Update valkeyrie to v1.0.0 ([#9316](https://github.com/traefik/traefik/pull/9316) by [ldez](https://github.com/ldez))
+- **[consulcatalog,nomad]** Support Nomad canary deployment ([#9216](https://github.com/traefik/traefik/pull/9216) by [rtribotte](https://github.com/rtribotte))
+- **[consulcatalog]** Move consulcatalog provider to only use health apis ([#9140](https://github.com/traefik/traefik/pull/9140) by [kevinpollet](https://github.com/kevinpollet))
+- **[docker]** Add support for reaching containers using host networking on Podman ([#9190](https://github.com/traefik/traefik/pull/9190) by [freundTech](https://github.com/freundTech))
+- **[docker]** Use IPv6 address ([#9183](https://github.com/traefik/traefik/pull/9183) by [tomMoulard](https://github.com/tomMoulard))
+- **[docker]** Add allowEmptyServices for Docker provider ([#8690](https://github.com/traefik/traefik/pull/8690) by [jvasseur](https://github.com/jvasseur))
+- **[ecs]**  Add support for ECS Anywhere ([#9324](https://github.com/traefik/traefik/pull/9324) by [tuxpower](https://github.com/tuxpower))
+- **[healthcheck]** Add a method option to the service Health Check ([#9165](https://github.com/traefik/traefik/pull/9165) by [ddtmachado](https://github.com/ddtmachado))
+- **[http3]** Upgrade quic-go to v0.28.0 ([#9187](https://github.com/traefik/traefik/pull/9187) by [tomMoulard](https://github.com/tomMoulard))
+- **[http]** Start polling HTTP provider at the beginning ([#9116](https://github.com/traefik/traefik/pull/9116) by [moutoum](https://github.com/moutoum))
+- **[k8s/crd,plugins]** Load plugin configuration field value from Kubernetes Secret ([#9103](https://github.com/traefik/traefik/pull/9103) by [rtribotte](https://github.com/rtribotte))
+- **[logs,tcp]** Quiet down TCP RST packet error on read operation ([#9007](https://github.com/traefik/traefik/pull/9007) by [rtribotte](https://github.com/rtribotte))
+- **[metrics]** Add traffic size metrics ([#9208](https://github.com/traefik/traefik/pull/9208) by [tomMoulard](https://github.com/tomMoulard))
+- **[middleware,pilot]** Remove Pilot support ([#9330](https://github.com/traefik/traefik/pull/9330) by [ldez](https://github.com/ldez))
+- **[rules,tcp]** Support ALPN for TCP + TLS routers ([#8913](https://github.com/traefik/traefik/pull/8913) by [sh7dm](https://github.com/sh7dm))
+- **[tcp,service,udp]** Make the loadbalancers servers order random ([#9037](https://github.com/traefik/traefik/pull/9037) by [qmloong](https://github.com/qmloong))
+- **[tls]** Change default TLS options for more security ([#8951](https://github.com/traefik/traefik/pull/8951) by [ddtmachado](https://github.com/ddtmachado))
+- **[tracing]** Add Datadog GlobalTags support ([#9266](https://github.com/traefik/traefik/pull/9266) by [sdelicata](https://github.com/sdelicata))
+
+**Bug fixes:**
+- **[acme]** Fix ACME panic ([#9365](https://github.com/traefik/traefik/pull/9365) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[metrics]** Rework metrics overview page ([#9366](https://github.com/traefik/traefik/pull/9366) by [ddtmachado](https://github.com/ddtmachado))
+
+**Misc:**
+- Merge current v2.8 into v2.9 ([#9400](https://github.com/traefik/traefik/pull/9400) by [ldez](https://github.com/ldez))
+- Merge current v2.8 into v2.9 ([#9371](https://github.com/traefik/traefik/pull/9371) by [ldez](https://github.com/ldez))
+- Merge current v2.8 into v2.9 ([#9367](https://github.com/traefik/traefik/pull/9367) by [ldez](https://github.com/ldez))
+- Merge current v2.8 into v2.9 ([#9350](https://github.com/traefik/traefik/pull/9350) by [ldez](https://github.com/ldez))
+- Merge current v2.8 into v2.9 ([#9343](https://github.com/traefik/traefik/pull/9343) by [kevinpollet](https://github.com/kevinpollet))
+- Merge v2.8.5 into master ([#9329](https://github.com/traefik/traefik/pull/9329) by [rtribotte](https://github.com/rtribotte))
+- Merge current v2.8 into master ([#9291](https://github.com/traefik/traefik/pull/9291) by [rtribotte](https://github.com/rtribotte))
+- Merge current v2.8 into master ([#9265](https://github.com/traefik/traefik/pull/9265) by [kevinpollet](https://github.com/kevinpollet))
+- Merge current v2.8 into master ([#9209](https://github.com/traefik/traefik/pull/9209) by [kevinpollet](https://github.com/kevinpollet))
+- Merge current v2.8 into master ([#9146](https://github.com/traefik/traefik/pull/9146) by [kevinpollet](https://github.com/kevinpollet))
+- Merge current v2.8 into master ([#9135](https://github.com/traefik/traefik/pull/9135) by [kevinpollet](https://github.com/kevinpollet))
+
+## [v2.9.0](https://github.com/traefik/traefik/tree/v2.9.0) (2022-10-03)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v2.9.0)
+
+Release canceled.
+
+## [v2.9.0-rc5](https://github.com/traefik/traefik/tree/v2.9.0-rc5) (2022-09-30)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc4...v2.9.0-rc5)
+
+**Misc:**
+- Merge current v2.8 into v2.9 ([#9400](https://github.com/traefik/traefik/pull/9400) by [ldez](https://github.com/ldez))
+
+## [v2.8.8](https://github.com/traefik/traefik/tree/v2.8.8) (2022-09-30)
+[All Commits](https://github.com/traefik/traefik/compare/v2.8.7...v2.8.8)
+
+**Bug fixes:**
+- **[server]** Update golang.org/x/net to latest version ([#9398](https://github.com/traefik/traefik/pull/9398) by [tspearconquest](https://github.com/tspearconquest))
+
+**Documentation:**
+- **[docker]** Fix watch option description for Docker provider ([#9391](https://github.com/traefik/traefik/pull/9391) by [bhuisgen](https://github.com/bhuisgen))
+- **[ecs]** Fix autoDiscoverClusters option documentation for ECS provider ([#9392](https://github.com/traefik/traefik/pull/9392) by [johnpekcan](https://github.com/johnpekcan))
+- **[k8s]** Improve documentation for publishedService and IP options ([#9380](https://github.com/traefik/traefik/pull/9380) by [samip5](https://github.com/samip5))
+
+## [v2.9.0-rc4](https://github.com/traefik/traefik/tree/v2.9.0-rc4) (2022-09-23)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc3...v2.9.0-rc4)
+
+**Bug fixes:**
+- **[acme]** Fix ACME panic ([#9365](https://github.com/traefik/traefik/pull/9365) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[metrics]** Rework metrics overview page ([#9366](https://github.com/traefik/traefik/pull/9366) by [ddtmachado](https://github.com/ddtmachado))
+
+**Misc:**
+- Merge current v2.8 into v2.9 ([#9371](https://github.com/traefik/traefik/pull/9371) by [ldez](https://github.com/ldez))
+- Merge current v2.8 into v2.9 ([#9367](https://github.com/traefik/traefik/pull/9367) by [ldez](https://github.com/ldez))
+- Merge current v2.8 into v2.9 ([#9350](https://github.com/traefik/traefik/pull/9350) by [ldez](https://github.com/ldez))
+
+## [v2.8.7](https://github.com/traefik/traefik/tree/v2.8.7) (2022-09-23)
+[All Commits](https://github.com/traefik/traefik/compare/v2.8.5...v2.8.7)
+
+**Bug fixes:**
+- **[consulcatalog]** Fix UDP loadbalancer tags not being used with Consul Catalog ([#9357](https://github.com/traefik/traefik/pull/9357) by [t3hchipmunk](https://github.com/t3hchipmunk))
+- **[docker,rancher,ecs,provider]** Simplify AddServer algorithm ([#9358](https://github.com/traefik/traefik/pull/9358) by [ldez](https://github.com/ldez))
+- **[plugins]** Allow empty plugin configuration ([#9338](https://github.com/traefik/traefik/pull/9338) by [ldez](https://github.com/ldez))
+- **[rules]** Fix query parameter matching with equal ([#9369](https://github.com/traefik/traefik/pull/9369) by [ldez](https://github.com/ldez))
+- **[server]** Optimize websocket headers handling ([#9360](https://github.com/traefik/traefik/pull/9360) by [juliens](https://github.com/juliens))
+
+**Documentation:**
+- **[ecs]** Add documentation for ECS constraints option ([#9354](https://github.com/traefik/traefik/pull/9354) by [rtribotte](https://github.com/rtribotte))
+- **[k8s/gatewayapi]** Fix link to RouteNamespaces ([#9349](https://github.com/traefik/traefik/pull/9349) by [ldez](https://github.com/ldez))
+- Add documentation for json schema usage to validate config in the FAQ ([#9340](https://github.com/traefik/traefik/pull/9340) by [rtribotte](https://github.com/rtribotte))
+- Add a note on case insensitive regex matching ([#9322](https://github.com/traefik/traefik/pull/9322) by [NEwa-05](https://github.com/NEwa-05))
+
+## [v2.8.6](https://github.com/traefik/traefik/tree/v2.8.6) (2022-09-23)
+[All Commits](https://github.com/traefik/traefik/compare/v2.8.5...v2.8.6)
+
+Release canceled.
+
+## [v2.9.0-rc3](https://github.com/traefik/traefik/tree/v2.9.0-rc3) (2022-09-16)
+[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc2...v2.9.0-rc3)
+
+**Misc:**
+- Merge current v2.8 into v2.9 ([#9343](https://github.com/traefik/traefik/pull/9343) by [kevinpollet](https://github.com/kevinpollet))
+
 ## [v2.9.0-rc1](https://github.com/traefik/traefik/tree/v2.9.0-rc2) (2022-09-14)
 [All Commits](https://github.com/traefik/traefik/compare/v2.8.0-rc1...v2.9.0-rc2)
 
@@ -6265,5 +6560,3 @@ Same changelog as v2.0.3.
 - Fix travis tag check [\#422](https://github.com/traefik/traefik/pull/422) ([emilevauge](https://github.com/emilevauge))
 - log info about TOML configuration file using [\#420](https://github.com/traefik/traefik/pull/420) ([cocap10](https://github.com/cocap10))
 - Doc about skipping some integration tests with '-check.f ConsulCatalogSuite' [\#418](https://github.com/traefik/traefik/pull/418) ([samber](https://github.com/samber))
-
-\* *This Change Log was automatically generated by [gcg](https://github.com/ldez/gcg)*

LICENSE.md

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016-2020 Containous SAS; 2020-2022 Traefik Labs
+Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -189,7 +189,7 @@ generate-genconf:
 .PHONY: release-packages
 release-packages: generate-webui build-dev-image
 	rm -rf dist
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish --timeout="90m"
+	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 2 --timeout="90m"
 	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
 		--exclude-vcs \
 		--exclude .idea \

build.Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine
+FROM golang:1.20-alpine
 
 RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
     && update-ca-certificates \
@@ -13,10 +13,10 @@ RUN mkdir -p /usr/local/bin \
     | tar -xzC /usr/local/bin --transform 's#^.+/##x'
 
 # Download golangci-lint binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.49.0
+RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.52.2
 
 # Download misspell binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4
+RUN curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.4.0
 
 # Download goreleaser binary to bin folder in $GOPATH
 RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | sh

cmd/traefik/traefik.go

@@ -31,7 +31,6 @@ import (
 	"github.com/traefik/traefik/v2/pkg/log"
 	"github.com/traefik/traefik/v2/pkg/metrics"
 	"github.com/traefik/traefik/v2/pkg/middlewares/accesslog"
-	"github.com/traefik/traefik/v2/pkg/middlewares/capture"
 	"github.com/traefik/traefik/v2/pkg/provider/acme"
 	"github.com/traefik/traefik/v2/pkg/provider/aggregator"
 	"github.com/traefik/traefik/v2/pkg/provider/hub"
@@ -45,7 +44,7 @@ import (
 	"github.com/traefik/traefik/v2/pkg/tracing/jaeger"
 	"github.com/traefik/traefik/v2/pkg/types"
 	"github.com/traefik/traefik/v2/pkg/version"
-	"github.com/vulcand/oxy/roundrobin"
+	"github.com/vulcand/oxy/v2/roundrobin"
 )
 
 func main() {
@@ -260,9 +259,8 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 
 	accessLog := setupAccessLog(staticConfiguration.AccessLog)
 	tracer := setupTracing(staticConfiguration.Tracing)
-	captureMiddleware := setupCapture(staticConfiguration)
 
-	chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer, captureMiddleware)
+	chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer)
 	routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry)
 
 	// Watcher
@@ -280,7 +278,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)
 
 		gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge()
-		for _, certificate := range tlsManager.GetCertificates() {
+		for _, certificate := range tlsManager.GetServerCertificates() {
 			appendCertMetric(gauge, certificate)
 		}
 	})
@@ -565,13 +563,6 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
 	return tracer
 }
 
-func setupCapture(staticConfiguration *static.Configuration) *capture.Handler {
-	if staticConfiguration.AccessLog == nil && staticConfiguration.Metrics == nil {
-		return nil
-	}
-	return &capture.Handler{}
-}
-
 func configureLogging(staticConfiguration *static.Configuration) {
 	// configure default log flags
 	stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)

docs/content/contributing/advocating.md

@@ -9,7 +9,7 @@ Spread the Love & Tell Us about It
 {: .subtitle }
 
 Traefik Proxy was started by the community for the community.
-You can contribute to the Traefik community in three main ways: 
+You can contribute to the Traefik community in three main ways:
 
 **Spread the word!** Guides, videos, blog posts, how-to articles, and showing off your network design all help spread the word about Traefik Proxy
 and teach others in the community how to best implement it.
@@ -28,4 +28,4 @@ Luckily, as an open source community, our users can help by [building awesome fe
 We are a big community, so we do need to prioritize a bit.
 That is why we use the tag `contributor/wanted` to let you know which pull requests will make it to the front of the queue for design support and review.
 Feel free to grab one of these and run with it.
-Top contributors get unique swag to celebrate. 
+Top contributors get unique swag to celebrate.

docs/content/contributing/building-testing.md

@@ -8,17 +8,22 @@ description: "Compile and test your own Traefik Proxy! Learn how to build your o
 Compile and Test Your Own Traefik!
 {: .subtitle }
 
-So you want to build your own Traefik binary from the sources?
+You want to build your own Traefik binary from the sources?
 Let's see how.
 
 ## Building
 
-You need either [Docker](https://github.com/docker/docker) and `make` (Method 1), or `go` (Method 2) in order to build Traefik.
+You need either [Docker](https://github.com/docker/docker "Link to website of Docker") and `make` (Method 1), or [Go](https://go.dev/ "Link to website of Go") (Method 2) in order to build Traefik.
 For changes to its dependencies, the `dep` dependency management tool is required.
 
 ### Method 1: Using `Docker` and `Makefile`
 
 Run make with the `binary` target.
+
+```bash
+make binary
+```
+
 This will create binaries for the Linux platform in the `dist` folder.
 
 In case when you run build on CI, you may probably want to run docker in non-interactive mode. To achieve that define `DOCKER_NON_INTERACTIVE=true` environment variable.
@@ -160,7 +165,7 @@ TESTFLAGS="-check.f MyTestSuite.My" make test-integration
 TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
 ```
 
-More: https://labix.org/gocheck
+Check [gocheck](https://labix.org/gocheck "Link to website of gocheck") for more information.
 
 ### Method 2: `go`
 

docs/content/contributing/data-collection.md

@@ -10,8 +10,8 @@ Understanding How Traefik is Being Used
 
 ## Configuration Example
 
-Understanding how you use Traefik is very important to us: it helps us improve the solution in many different ways.  
+Understanding how you use Traefik is very important to us: it helps us improve the solution in many different ways.
-For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases.
+For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us, so we can benefit from your experience and use cases.
 
 !!! example "Enabling Data Collection"
 
@@ -34,9 +34,7 @@ For this very reason, the sendAnonymousUsage option is mandatory: we want you to
 
 ## Collected Data
 
-This feature comes from the public proposal [here](https://github.com/traefik/traefik/issues/2369).
+This feature comes from this [public proposal](https://github.com/traefik/traefik/issues/2369).
-
-This feature is activated when using Traefik Pilot to better understand the community's need, and also to get information about plug-ins popularity.
 
 In order to help us learn more about how Traefik is being used and improve it, we collect anonymous usage statistics from running instances.
 Those data help us prioritize our developments and focus on what's important for our users (for example, which provider is popular, and which is not).
@@ -47,7 +45,7 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
 
 - the Traefik version number
 - a hash of the configuration
-- an **anonymized version** of the static configuration (token, user name, password, URL, IP, domain, email, etc, are removed).
+- an **anonymized version** of the static configuration (token, username, password, URL, IP, domain, email, etc., are removed).
 
 !!! info
 
@@ -101,4 +99,4 @@ providers:
 
 If you want to dig into more details, here is the source code of the collecting system: [collector.go](https://github.com/traefik/traefik/blob/master/pkg/collector/collector.go)
 
-By default we anonymize all configuration fields, except fields tagged with `export=true`.
+By default, we anonymize all configuration fields, except fields tagged with `export=true`.

docs/content/contributing/documentation.md

@@ -15,10 +15,14 @@ Let's see how.
 
 ### General
 
-This [documentation](https://doc.traefik.io/traefik/) is built with [mkdocs](https://mkdocs.org/).
+This [documentation](https://doc.traefik.io/traefik/ "Link to the official Traefik documentation") is built with [MkDocs](https://mkdocs.org/ "Link to website of MkDocs").
 
 ### Method 1: `Docker` and `make`
 
+Please make sure you have the following requirements installed:
+
+- [Docker](https://www.docker.com/ "Link to website of Docker")
+
 You can build the documentation and test it locally (with live reloading), using the `docs-serve` target:
 
 ```bash
@@ -43,9 +47,12 @@ $ make docs-build
 ...
 ```
 
-### Method 2: `mkdocs`
+### Method 2: `MkDocs`
 
-First, make sure you have `python` and `pip` installed.
+Please make sure you have the following requirements installed:
+
+- [Python](https://www.python.org/ "Link to website of Python")
+- [pip](https://pypi.org/project/pip/ "Link to the website of pip on PyPI")
 
 ```bash
 $ python --version
@@ -54,7 +61,7 @@ $ pip --version
 pip 1.5.2
 ```
 
-Then, install mkdocs with `pip`.
+Then, install MkDocs with `pip`.
 
 ```bash
 pip install --user -r requirements.txt
@@ -87,7 +94,7 @@ Running ["HtmlCheck", "ImageCheck", "ScriptCheck", "LinkCheck"] on /app/site/bas
 
 !!! note "Clean & Verify"
 
-    If you've made changes to the documentation, it's safter to clean it before verifying it.
+    If you've made changes to the documentation, it's safer to clean it before verifying it.
 
     ```bash
     $ make docs

docs/content/contributing/maintainers-guidelines.md

@@ -11,7 +11,7 @@ Note: the document is a work in progress.
 
 Welcome to the Traefik Community.
 This document describes how to be part of the core team
-as well as various responsibilities
+together with various responsibilities
 and guidelines for Traefik maintainers.
 We are strongly promoting a philosophy of openness and sharing,
 and firmly standing against the elitist closed approach.
@@ -20,7 +20,7 @@ and wants to be part of that journey!
 
 ## Onboarding Process
 
-If you consider joining our community please drop us a line using Twitter or leave a note in the issue.
+If you consider joining our community, please drop us a line using Twitter or leave a note in the issue.
 We will schedule a quick call to meet you and learn more about your motivation.
 During the call, the team will discuss the process of becoming a maintainer.
 We will be happy to answer any questions and explain all your doubts.
@@ -53,7 +53,7 @@ but we can suggest you start with activities such as:
       Each of the issues that are labeled as bug/possible bug/confirmed requires a reproducible use case. 
       You can help in creating a reproducible use case if it has not been added to the issue
       or use the sample code provided by the reporter.
-      Typically, a simple docker compose should be enough to reproduce the issue.
+      Typically, a simple Docker Compose should be enough to reproduce the issue.
 - Code contribution.
 - Documentation contribution.
     - Technical documentation is one of the most important components of the product.
@@ -61,7 +61,7 @@ but we can suggest you start with activities such as:
       using the official documentation,
       is a game changer.
 - You will be listed on our Maintainers GitHub page
-  as well as on our website in the section [maintainers](maintainers.md).
+  and on our website in the section [maintainers](maintainers.md).
 - We will be promoting you on social channels (mostly on Twitter).
 
 ## Governance
@@ -71,7 +71,7 @@ but we can suggest you start with activities such as:
 ## Communicating
 
 - All of our maintainers are added to Slack #traefik-maintainers channel that belongs to Traefik labs workspace.
-  Having the team in one place helps us to communicate effectively. 
+  Having the team in one place helps us to communicate effectively.
   You can reach Traefik core developers directly,
   which offers the possibility to discuss issues, pull requests, enhancements more efficiently
   and get the feedback almost immediately.
@@ -112,9 +112,9 @@ maintainers' activity and involvement will be reviewed on a regular basis.
 
 - Be able to put yourself in users’ shoes.
 - Be open-minded and respectful with other maintainers and other community members.
-- Keep the communication public - 
+- Keep the communication public -
   if anyone tries to communicate with you directly,
-  ask him politely to move the conversation to a public communication channel.
+  ask politely to move the conversation to a public communication channel.
 - Stay away from defensive comments.
 - Please try to express your thoughts clearly enough
   and note that some of us are not native English speakers.
@@ -122,7 +122,7 @@ maintainers' activity and involvement will be reviewed on a regular basis.
   none of us is able to predict your thoughts.
 - There are a lot of use cases of using Traefik
   and even more issues that are difficult to reproduce.
-  If the issue can’t be replicated due to a lack of reproducible case (a simple docker compose should be enough) - 
+  If the issue can’t be replicated due to a lack of reproducible case (a simple Docker Compose should be enough) -
   set your time limits while working on the issue
   and express clearly that you were not able to replicate it.
   You can come back later to that case.

docs/content/contributing/submitting-issues.md

@@ -9,10 +9,10 @@ Help Us Help You!
 {: .subtitle }
 
 Issues are perfect for requesting a feature/enhancement or reporting a suspected bug.
-We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik. 
+We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik.
 
 The process of sorting and checking the issues is a daunting task, and requires a lot of work (more than an hour a day ... just for sorting).
-To help us (and other community members) quickly and easily understand what you need,
+To help us (and other community members) quickly and effortlessly understand what you need,
 be sure to follow the guidelines below.
 
 !!! important "Getting Help Vs Reporting an Issue"
@@ -33,16 +33,17 @@ Examples:
 
 ## Feature Request
 
-Traefik is an open source project and aims to be the best edge router possible. 
+Traefik is an open source project and aims to be the best edge router possible.
 
 Remember when asking for new features that these must be useful to the majority (and not only useful in edge case scenarios, or hack-like setups).
 Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE/feature-request.yml) as much as possible.
 
 Do your best to explain what you're looking for, and why it would improve Traefik for everyone.
 Be detailed and share the use-case(s) to allow us to see the value of your feature request as quickly as possible.
-Features with a lot of positive interaction (claps, +1s, conversation about how this would impact them) indicate higher community interest and help us to prioritize.  
 
-If you are interested in creating a PR for your feature request, let us know in the the issue so we can work with you.  
+Features with a lot of positive interaction (claps, +1s, conversation about how this would impact them) indicate higher community interest and help us to prioritize.
+
+If you are interested in creating a PR for your feature request, let us know in the issue, so we can work with you.
 It can take a lot of work to make sure a PR can integrate with our existing code and planning with the team ahead of time can make sure that your PR can be accepted and merged quickly.
 
 ## Issues or Possible Bug Reports
@@ -50,13 +51,13 @@ It can take a lot of work to make sure a PR can integrate with our existing code
 Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE/bug_report.yml) as much as possible.
 
 Explain the conditions in which you encountered the issue; what is your context?
-Share any logs you may have and make sure to share the steps it takes to reproduce your issue or bug. 
+Share any logs you may have, and make sure to share the steps it takes to reproduce your issue or bug.
 
 Remain as clear and concise as possible.
 
-Take time to polish the format of your message so we'll enjoy reading it and working on it. 
+Take time to polish the format of your message, so we'll enjoy reading it and working on it.
 Help your readers focus on what matters and help them understand the structure of your message (see the [GitHub Markdown Syntax](https://docs.github.com/en/get-started/writing-on-github)).
 
 ## International English
 
-Every maintainer / Traefik user is not a native English speaker, so if you feel sometimes that some messages sound rude, remember that it probably is a language barrier problem from someone willing to help you.
+Every maintainer / Traefik user is not a native English speaker, so if you sometimes feel that some messages sound rude, remember that it probably is a language barrier problem from someone willing to help you.

docs/content/contributing/submitting-pull-requests.md

@@ -5,22 +5,22 @@ description: "Looking to contribute to Traefik Proxy? This guide will show you t
 
 # Before You Submit a Pull Request
 
-This guide is for contributors who already have a pull request to submit. 
+This guide is for contributors who already have a pull request to submit.
-If you are looking for information on setting up your developer environment 
+If you are looking for information on setting up your developer environment
-and creating code to contribute to Traefik Proxy or related projects, 
+and creating code to contribute to Traefik Proxy or related projects,
 see the [development guide](https://docs.traefik.io/contributing/building-testing/).
 
-Looking for a way to contribute to Traefik Proxy? 
+Looking for a way to contribute to Traefik Proxy?
-Check out this list of [Priority Issues](https://github.com/traefik/traefik/labels/contributor%2Fwanted), 
+Check out this list of [Priority Issues](https://github.com/traefik/traefik/labels/contributor%2Fwanted),
-the [Good First Issue](https://github.com/traefik/traefik/labels/contributor%2Fgood-first-issue) list, 
+the [Good First Issue](https://github.com/traefik/traefik/labels/contributor%2Fgood-first-issue) list,
 or the list of [confirmed bugs](https://github.com/traefik/traefik/labels/kind%2Fbug%2Fconfirmed) waiting to be remedied.
 
 ## How We Prioritize
 
-We wish we could review every pull request right away. 
+We wish we could review every pull request right away.
-Unfortunately, our team has to prioritize pull requests (PRs) for review 
+Unfortunately, our team has to prioritize pull requests (PRs) for review
-(but we are welcoming new [maintainers](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md) to speed this up, 
+(but we are welcoming new [maintainers](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md) to speed this up,
-so if you are interested, check it out and apply). 
+if you are interested, check it out and apply).
 
 The PRs we are able to handle fastest are:
 
@@ -30,20 +30,20 @@ The PRs we are able to handle fastest are:
 
 PRs that take more time to address include:
 
-* Enhancements or Features without the `contributor/wanted` tag.  
+* Enhancements or Features without the `contributor/wanted` tag.
-  
+
-If you have an idea for an enhancement or feature that you would like to build, 
+If you have an idea for an enhancement or feature that you would like to build,
-[create an issue](https://github.com/traefik/traefik/issues/new/choose) for it first 
+[create an issue](https://github.com/traefik/traefik/issues/new/choose) for it first
-and tell us you are interested in writing the PR. 
+and tell us you are interested in writing the PR.
-If an issue already exists, definitely comment on it to tell us you are interested in creating a PR. 
+If an issue already exists, definitely comment on it to tell us you are interested in creating a PR.
+
+This will allow us to communicate directly and let you know if it is something we would accept.
+
+It also allows us to make sure you have all the information you need during the design phase
+so that it can be reviewed and merged quickly.
+
+Read more about the [Triage process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in the docs.
 
-This will allow us to communicate directly and let you know if it is something we would accept. 
-It also allows us to make sure you have all the information you need during the design phase 
-so that it can be reviewed and merged quickly. 
-  
-If you have questions about the Triage process,
-[read more here](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).  
-  
 ## The Pull Request Submit Process
 
 Merging a PR requires the following steps to be completed before it is merged automatically.
@@ -56,14 +56,15 @@ Merging a PR requires the following steps to be completed before it is merged au
     * Do not open the PR from an organization repository.
     * Keep "allows edit from maintainer" checked.
     * Use semantic line breaks for documentation.
+    * Ensure your PR is not a draft. We do not review drafts, but do answer questions and confer with developers on them as needed.
 * Pass the validation check.
 * Pass all tests.
 * Receive 3 approving reviews maintainers.
 
 ## Pull Request Review Cycle
 
-You can read about our Triage Process [here](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md), 
+Learn about our [Triage Process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md),
-but in short, it looks like this:
+in short, it looks like this:
 
 * We triage every new PR or comment before entering it into the review process.
     * We ensure that all prerequisites for review have been met.
@@ -75,20 +76,20 @@ but in short, it looks like this:
 * Code Review.
     * We review the code in-depth and run tests.
     * We may ask for changes here.
-    * During code review, we ask that you be reasonably responsive, 
+    * During code review, we ask that you be reasonably responsive,
-      if a PR languishes in code review it is at risk of rejection, 
+      if a PR languishes in code review it is at risk of rejection,
       or we may take ownership of the PR and the contributor will become a co-author.
-* Merge. 
+* Merge.
     * Success!
 
 !!! note
 
-    Occasionally, we may freeze our codebase when working towards a specific feature or goal that could impact other development. 
+    Occasionally, we may freeze our codebase when working towards a specific feature or goal that could impact other development.
     During this time, your pull request could remain unmerged while the release work is completed.
 
 ## Run Local Verifications
 
-You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration. 
+You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration.
 Your PR will not be reviewed until these are green on the CI.
 
 * `make validate`
@@ -97,10 +98,10 @@ Your PR will not be reviewed until these are green on the CI.
 
 ## The Testing and Merge Workflow
 
-Pull Requests are managed by the bot [Myrmica Lobicornis](https://github.com/traefik/lobicornis). 
+Pull Requests are managed by the bot [Myrmica Lobicornis](https://github.com/traefik/lobicornis).
-This bot is responsible for verifying GitHub Checks (CI, Tests, etc), mergability, and minimum reviews. 
+This bot is responsible for verifying GitHub Checks (CI, Tests, etc), mergability, and minimum reviews.
-In addition, it rebases or merges with the base PR branch if needed. 
+In addition, it rebases or merges with the base PR branch if needed.
-It performs several other housekeeping items 
+It performs several other housekeeping items
 and you can read more about those on the [README](https://github.com/traefik/lobicornis) for Lobicornis.
 
 The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
@@ -109,7 +110,7 @@ By default, a squash-rebase merge will be carried out.
 
 The status `status/4-merge-in-progress` is only used by the bot.
 
-If the bot is not able to perform the merge, the label `bot/need-human-merge` is added. 
+If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.
 In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
 
 To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
@@ -125,23 +126,23 @@ This label can be used when:
 
 ## Why Was My Pull Request Closed?
 
-Traefik Proxy is made by the community for the community, 
+Traefik Proxy is made by the community for the community,
-as such the goal is to engage the community to make Traefik the best reverse proxy available. 
+as such the goal is to engage the community to make Traefik the best reverse proxy available.
-Part of this goal is maintaining a lean codebase and ensuring code velocity. 
+Part of this goal is maintaining a lean codebase and ensuring code velocity.
 unfortunately, this means that sometimes we will not be able to merge a pull request.
 
-Because we respect the work you did, you will always be told why we are closing your pull request. 
+Because we respect the work you did, you will always be told why we are closing your pull request.
-If you do not agree with our decision, do not worry; closed pull requests are easy to recreate, 
+If you do not agree with our decision, do not worry; closed pull requests are effortless to recreate,
 and little work is lost by closing a pull request that subsequently needs to be reopened.
 
 Your pull request might be closed if:
 
-* Your PR's design conflicts with our existing codebase in such a way that Merging is not an option 
+* Your PR's design conflicts with our existing codebase in such a way that merging is not an option
   and the work needed to make your pull request usable is too high.
     * To prevent this, make sure you created an issue first
       and think about including Traefik Proxy maintainers in your design phase to minimize conflicts.
 * Your PR is for an enhancement or feature that we will not use.
-    * Please remember to create an issue for any pull request **before** you create a PR 
+    * Please remember to create an issue for any pull request **before** you create a PR
       to ensure that your goal is something we can merge and that you have any design insight you might need from the team.
 * Your PR has been waiting for feedback from the contributor for over 90 days.
 
@@ -149,54 +150,54 @@ Your pull request might be closed if:
 
 A few factors affect how long your pull request might wait for review.
 
-We must prioritize which PRs we focus on. 
+We must prioritize which PRs we focus on.
-Our first priority is PRs we have identified as having high community engagement and broad applicability. 
+Our first priority is PRs we have identified as having high community engagement and broad applicability.
-We put our top priorities on our roadmap and you can identify them by the `contributor/wanted` tag. 
+We put our top priorities on our roadmap, and you can identify them by the `contributor/wanted` tag.
-These PRs will enter our review process the fastest. 
+These PRs will enter our review process the fastest.
 
-Our second priority is bug fixes. 
+Our second priority is bug fixes.
-Especially for bugs that have already been tagged with `bug/confirmed`. 
+Especially for bugs that have already been tagged with `bug/confirmed`.
 These reviews enter the process quickly.
 
-If your PR does not meet the criteria above, 
+If your PR does not meet the criteria above,
-it will take longer for us to review as any PRs that do meet the criteria above will be prioritized. 
+it will take longer for us to review, as any PRs that do meet the criteria above will be prioritized.
 
-Additionally, during the last few weeks of a milestone, we stop reviewing PRs to reduce churn and stabilize. 
+Additionally, during the last few weeks of a milestone, we stop reviewing PRs to reduce churn and stabilize.
-We will resume after the release. 
+We will resume after the release.
 
-The second major reason that we deprioritize your PR is that you are not following best practices. 
+The second major reason that we deprioritize your PR is that you are not following best practices.
 
 The most common failures to follow best practices are:
 
-* You did not create an issue for the PR you wish to make. 
+* You did not create an issue for the PR you wish to make.
-  If you do not create an issue before submitting your PR, 
+  If you do not create an issue before submitting your PR,
-  we will not be able to answer any design questions and let you know how likely your PR is to be merged. 
+  we will not be able to answer any design questions and let you know how likely your PR is to be merged.
 * You created pull requests that are too large to review.
     * Break your pull requests up.
-      If you can extract whole ideas from your pull request and send those as pull requests of their own, 
+      If you can extract whole ideas from your pull request and send those as pull requests of their own,
-      you should do that instead. 
+      you should do that instead.
-      It is better to have many pull requests addressing one thing than one pull request addressing many things. 
+      It is better to have many pull requests addressing one thing than one pull request addressing many things.
-    * Traefik Proxy is a fast-moving codebase — lock in your changes ASAP with your small pull request, 
+    * Traefik Proxy is a fast-moving codebase — lock in your changes ASAP with your small pull request,
       and make merges be someone else's problem.
-      We want every pull request to be useful on its own, 
+      We want every pull request to be useful on its own,
       so use your best judgment on what should be a pull request vs. a commit.
 * You did not comment well.
     * Comment everything.
 
-Please remember that we are working internationally, cross-culturally, and with different use-cases. 
+Please remember that we are working internationally, cross-culturally, and with different use-cases.
 Your reviewer will not intuitively understand the problem the same way you do or solve it the same way you would.
-This is why every change you make must be explained and your strategy for coding must also be explained.   
+This is why every change you make must be explained, and your strategy for coding must also be explained.
 
 * Your tests were inadequate or absent.
-    * If you do not know how to test your PR, please ask! 
+    * If you do not know how to test your PR, please ask!
       We will be happy to help you or suggest appropriate test cases.
 
-If you have already followed the best practices and your PR still has not received a response, 
+If you have already followed the best practices and your PR still has not received a response,
 here are some things you can do to move the process along:
 
-* If you have fixed all the issues from a review, 
+* If you have fixed all the issues from a review,
-  remember to re-request a review (using the designated button) to let your reviewer know that you are ready. 
+  remember to re-request a review (using the designated button) to let your reviewer know that you are ready.
-  You can choose to comment with the changes you made. 
+  You can choose to comment with the changes you made.
 * Ping `@tfny` if you have not been assigned to a reviewer.
 
 For more information on best practices, try these links:
@@ -208,23 +209,23 @@ For more information on best practices, try these links:
 
 ## It's OK to Push Back
 
-Sometimes reviewers make mistakes. 
+Sometimes reviewers make mistakes.
-It is OK to push back on changes your reviewer requested. 
+It is OK to push back on changes your reviewer requested.
 If you have a good reason for doing something a certain way, you are absolutely allowed to debate the merits of a requested change.
 Both the reviewer and reviewee should strive to discuss these issues in a polite and respectful manner.
 
-You might be overruled, but you might also prevail. 
+You might be overruled, but you might also prevail.
 We are pretty reasonable people.
 
 Another phenomenon of open-source projects (where anyone can comment on any issue) is the dog-pile -
-your pull request gets so many comments from so many people it becomes hard to follow. 
+your pull request gets so many comments from so many people it becomes hard to follow.
-In this situation, you can ask the primary reviewer (assignee) whether they want you to fork a new pull request 
+In this situation, you can ask the primary reviewer (assignee) whether they want you to fork a new pull request
-to clear out all the comments. 
+to clear out all the comments.
-You do not have to fix every issue raised by every person who feels like commenting, 
+You do not have to fix every issue raised by every person who feels like commenting,
 but you should answer reasonable comments with an explanation.
 
 ## Common Sense and Courtesy
 
-No document can take the place of common sense and good taste. 
+No document can take the place of common sense and good taste.
-Use your best judgment, while you put a bit of thought into how your work can be made easier to review. 
+Use your best judgment, while you put a bit of thought into how your work can be made easier to review.
-If you do these things your pull requests will get merged with less friction.
+If you do these things, your pull requests will get merged with less friction.

docs/content/contributing/submitting-security-issues.md

@@ -12,7 +12,7 @@ You can subscribe sending a mail to security+subscribe@traefik.io or on [the onl
 
 ## CVE
 
-Reported vulnerabilities can be found on 
+Reported vulnerabilities can be found on
 [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).
 
 ## Report a Vulnerability

docs/content/deprecation/features.md

@@ -2,11 +2,14 @@
 
 This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
 
-| Feature                                                     | Deprecated | End of Support | Removal |
+| Feature                                                                                             | Deprecated | End of Support | Removal |
-|-------------------------------------------------------------|------------|----------------|---------|
+|-----------------------------------------------------------------------------------------------------|------------|----------------|---------|
-| [Pilot](#pilot)                                             | 2.7        | 2.8            | 2.9     |
+| [Pilot](#pilot)                                                                                     | 2.7        | 2.8            | 2.9     |
-| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8        | N/A            | 3.0     |
+| [Consul Enterprise Namespace](#consul-enterprise-namespace)                                         | 2.8        | N/A            | 3.0     |
-| [TLS 1.0 and 1.1 Support](#tls-10-and-11)                   | N/A        | 2.8            | N/A     |
+| [TLS 1.0 and 1.1 Support](#tls-10-and-11)                                                           | N/A        | 2.8            | N/A     |
+| [Nomad Namespace](#nomad-namespace)                                                                 | 2.10       | N/A            | 3.0     |
+| [Kubernetes CRDs API Group `traefik.containo.us`](#kubernetes-crds-api-group-traefikcontainous)     | 2.10       | N/A            | 3.0     |
+| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crds-api-version-traefikiov1alpha1) | N/A        | N/A            | 3.0     |
 
 ## Impact
 
@@ -26,3 +29,16 @@ please use the `namespaces` options instead.
 ### TLS 1.0 and 1.1
 
 Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2. Of course, it can still be overridden with custom configuration.  
+
+### Nomad Namespace
+
+Starting on 2.10 the `namespace` option of the Nomad provider is deprecated,
+please use the `namespaces` options instead.
+
+### Kubernetes CRDs API Group `traefik.containo.us`
+
+In v2.10, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
+
+### Kubernetes CRDs API Version `traefik.io/v1alpha1`
+
+The newly introduced Kubernetes CRD API Version `traefik.io/v1alpha1` will subsequently be removed in Traefik v3. The following version will be `traefik.io/v1`.

docs/content/deprecation/releases.md

@@ -6,16 +6,17 @@ Below is a non-exhaustive list of versions and their maintenance status:
 
 | Version | Release Date | Active Support     | Security Support | 
 |---------|--------------|--------------------|------------------|
-| 2.8     | Jun 29, 2022 |      Yes           |       Yes        |
+| 2.9     | Oct 03, 2022 | Yes                | Yes              |
-| 2.7     | May 24, 2022 | Ended Jun 29, 2022 |       No         |
+| 2.8     | Jun 29, 2022 | Ended Oct 03, 2022 | No               |
-| 2.6     | Jan 24, 2022 | Ended May 24, 2022 |       No         |
+| 2.7     | May 24, 2022 | Ended Jun 29, 2022 | No               |
-| 2.5     | Aug 17, 2021 | Ended Jan 24, 2022 |       No         |
+| 2.6     | Jan 24, 2022 | Ended May 24, 2022 | No               |
-| 2.4     | Jan 19, 2021 | Ended Aug 17, 2021 |       No         |
+| 2.5     | Aug 17, 2021 | Ended Jan 24, 2022 | No               |
-| 2.3     | Sep 23, 2020 | Ended Jan 19, 2021 |       No         |
+| 2.4     | Jan 19, 2021 | Ended Aug 17, 2021 | No               |
-| 2.2     | Mar 25, 2020 | Ended Sep 23, 2020 |       No         |
+| 2.3     | Sep 23, 2020 | Ended Jan 19, 2021 | No               |
-| 2.1     | Dec 11, 2019 | Ended Mar 25, 2020 |       No         |
+| 2.2     | Mar 25, 2020 | Ended Sep 23, 2020 | No               |
-| 2.0     | Sep 16, 2019 | Ended Dec 11, 2019 |       No         |
+| 2.1     | Dec 11, 2019 | Ended Mar 25, 2020 | No               |
-| 1.7     | Sep 24, 2018 | Ended Dec 31, 2021 |  Contact Support |
+| 2.0     | Sep 16, 2019 | Ended Dec 11, 2019 | No               |
+| 1.7     | Sep 24, 2018 | Ended Dec 31, 2021 | Contact Support  |
 
 ??? example "Active Support / Security Support"
 

docs/content/getting-started/concepts.md

@@ -1,19 +1,34 @@
 ---
-title: "Traefik Concepts Documentation"
+title: Concepts
-description: "Get started with Traefik Proxy. Read the technical documentation for an introduction into the key concepts behind our open source edge router."
+description: Traefik - base concepts and main features
 ---
 
 # Concepts
 
-Everything You Need to Know
+This page explains the base concepts of Traefik.
-{: .subtitle }
+
+---
+
+## Introduction
+
+Traefik is based on the concept of EntryPoints, Routers, Middelwares and Services.
+
+The main features include dynamic configuration, automatic service discovery, and support for multiple backends and protocols.
+
+1. [EntryPoints](../routing/entrypoints.md "Link to docs about EntryPoints"): EntryPoints are the network entry points into Traefik. They define the port which will receive the packets, and whether to listen for TCP or UDP.
+
+2. [Routers](../routing/routers/index.md "Link to docs about routers"): A router is in charge of connecting incoming requests to the services that can handle them.
+
+3. [Middlewares](../middlewares/overview.md "Link to docs about middlewares"): Attached to the routers, middlewares can modify the requests or responses before they are sent to your service
+
+4. [Services](../routing/services/index.md "Link to docs about services"): Services are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.
 
 ## Edge Router
 
-Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
+Traefik is an *Edge Router*, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
-it knows all the logic and every rule that determine which services handle which requests (based on the [path](../routing/routers/index.md#rule), the [host](../routing/routers/index.md#rule), [headers](../routing/routers/index.md#rule), [and so on](../routing/routers/index.md#rule) ...).
+it knows all the logic and every [rule](../routing/routers/index.md#rule "Link to docs about routing rules") that determine which services handle which requests (based on the *path*, the *host*, *headers*, etc.).
 
-![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png)
+![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png "Picture explaining the infrastructure")
 
 ## Auto Service Discovery
 
@@ -21,7 +36,7 @@ Where traditionally edge routers (or reverse proxies) need a configuration file
 
 Deploying your services, you attach information that tells Traefik the characteristics of the requests the services can handle.
 
-![Decentralized Configuration](../assets/img/traefik-concepts-2.png)
+![Decentralized Configuration](../assets/img/traefik-concepts-2.png "Picture about Decentralized Configuration")
 
 It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
 Similarly, when a service is removed from the infrastructure, the corresponding route is deleted accordingly.
@@ -30,14 +45,16 @@ You no longer need to create and synchronize configuration files cluttered with
 
 !!! info "Many different rules"
 
-    In the example above, we used the request [path](../routing/routers/index.md#rule) to determine which service was in charge, but of course you can use many other different [rules](../routing/routers/index.md#rule).
+    In the example above, we used the request [path rule](../routing/routers/index.md#rule "Link to docs about routing rules") to determine which service was in charge.
+    Certainly, you can use many other different [rules](../routing/routers/index.md#rule "Link to docs about routing rules").
 
 !!! info "Updating the requests"
 
-    In the [middleware](../middlewares/overview.md) section, you can learn about how to update the requests before forwarding them to the services.
+    In the [middleware](../middlewares/overview.md "Link to middleware documentation") section, you can learn about how to update the requests before forwarding them to the services.
 
 !!! question "How does Traefik discover the services?"
 
-    Traefik is able to use your cluster API to discover the services and read the attached information. In Traefik, these connectors are called [providers](../providers/overview.md) because they _provide_ the configuration to Traefik. To learn more about them, read the [provider overview](../providers/overview.md) section.
+    Traefik is able to use your cluster API to discover the services and read the attached information.
+    In Traefik, these connectors are called [providers](../providers/overview.md "Link to overview about Traefik providers") because they *provide* the configuration to Traefik.
 
 {!traefik-for-business-applications.md!}

docs/content/getting-started/configuration-overview.md

@@ -79,7 +79,7 @@ traefik --help
 # or
 
 docker run traefik[:version] --help
-# ex: docker run traefik:v2.9 --help
+# ex: docker run traefik:v2.10 --help
 ```
 
 All available arguments can also be found [here](../reference/static-configuration/cli.md).

docs/content/getting-started/faq.md

@@ -157,3 +157,47 @@ By default, the following headers are automatically added when proxying requests
 
 For more details,
 please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.
+
+## What does the "field not found" error mean?
+
+```shell
+error: field not found, node: -badField-
+```
+
+The "field not found" error occurs, when an unknown property is encountered in the dynamic or static configuration.
+
+One easy way to check whether a configuration file is well-formed, is to validate it with:
+
+- [JSON Schema of the static configuration](https://json.schemastore.org/traefik-v2.json)
+- [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json)
+
+## Why are some resources (routers, middlewares, services...) not created/applied?
+
+As a common tip, if a resource is dropped/not created by Traefik after the dynamic configuration was evaluated,
+one should look for an error in the logs.
+
+If found, the error obviously confirms that something went wrong while creating the resource,
+and the message should help in figuring out the mistake(s) in the configuration, and how to fix it.
+
+When using the file provider,
+one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
+
+## Why does Let's Encrypt wildcard certificate renewal/generation with DNS challenge fail?
+
+If you're trying to renew wildcard certificates, with DNS challenge,
+and you're getting errors such as:
+
+```txt
+msg="Error renewing certificate from LE: {example.com [*.example.com]}"
+providerName=letsencrypt.acme error="error: one or more domains had a problem:
+[example.com] acme: error presenting token: gandiv5: unexpected authZone example.com. for fqdn example.com."
+```
+
+then it could be due to `CNAME` support.
+
+In which case, you should make sure your infrastructure is properly set up for a
+`DNS` challenge that does not rely on `CNAME`, and you should try disabling `CNAME` support with:
+
+```bash
+LEGO_DISABLE_CNAME_SUPPORT=true
+```

docs/content/getting-started/install-traefik.md

@@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
 
 Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
 
-* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.8/traefik.sample.yml)
+* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.10/traefik.sample.yml)
-* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.8/traefik.sample.toml)
+* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.10/traefik.sample.toml)
 
 ```bash
 docker run -d -p 8080:8080 -p 80:80 \
-    -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.9
+    -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.10
 ```
 
 For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
 !!! tip
 
     * Prefer a fixed version than the latest that could be an unexpected version.
-    ex: `traefik:v2.9`
+    ex: `traefik:v2.10`
     * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
     * Any orchestrator using docker images can fetch the official Traefik docker image.
 
@@ -44,13 +44,13 @@ Traefik can be installed in Kubernetes using the Helm chart from <https://github
 
 Ensure that the following requirements are met:
 
-* Kubernetes 1.14+
+* Kubernetes 1.16+
-* Helm version 3.x is [installed](https://helm.sh/docs/intro/install/)
+* Helm version 3.9+ is [installed](https://helm.sh/docs/intro/install/)
 
-Add Traefik's chart repository to Helm:
+Add Traefik Labs chart repository to Helm:
 
 ```bash
-helm repo add traefik https://helm.traefik.io/traefik
+helm repo add traefik https://traefik.github.io/charts
 ```
 
 You can update the chart repository by running:
@@ -68,6 +68,9 @@ helm install traefik traefik/traefik
 !!! tip "Helm Features"
 
     All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.
+
+    Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md). 
+
     For instance, installing the chart in a dedicated namespace:
 
     ```bash tab="Install in a Dedicated Namespace"
@@ -83,8 +86,7 @@ helm install traefik traefik/traefik
     as with [any helm chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing).
     {: #helm-custom-values }
 
-    The values are not (yet) documented, but are self-explanatory:
+    All parameters are documented in the default [`values.yaml`](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml).
-    you can look at the [default `values.yaml`](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities.
 
     You can also set Traefik command line flags using `additionalArguments`.
     Example of installation with logging set to `DEBUG`:
@@ -119,7 +121,7 @@ by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`)
 
 ```yaml
 # dashboard.yaml
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: dashboard

docs/content/getting-started/quick-start-with-kubernetes.md

@@ -130,7 +130,7 @@ spec:
       serviceAccountName: traefik-account
       containers:
         - name: traefik
-          image: traefik:v2.9
+          image: traefik:v2.10
           args:
             - --api.insecure
             - --providers.kubernetesingress

docs/content/getting-started/quick-start.md

@@ -20,7 +20,7 @@ version: '3'
 services:
   reverse-proxy:
     # The official v2 Traefik docker image
-    image: traefik:v2.9
+    image: traefik:v2.10
     # Enables the web UI and tells Traefik to listen to docker
     command: --api.insecure=true --providers.docker
     ports:
@@ -50,7 +50,12 @@ Now that we have a Traefik instance up and running, we will deploy new services.
 Edit your `docker-compose.yml` file and add the following at the end of your file.
 
 ```yaml
-# ...
+version: '3'
+
+services:
+
+  ...
+
   whoami:
     # A container that exposes an API to show its IP address
     image: traefik/whoami

docs/content/https/acme.md

@@ -11,7 +11,11 @@ Automatic HTTPS
 You can configure Traefik to use an ACME provider (like Let's Encrypt) for automatic certificate generation.
 
 !!! warning "Let's Encrypt and Rate Limiting"
-    Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits).
+    Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits). These last up to __one week__, and can not be overridden.
+    
+    When running Traefik in a container this file should be persisted across restarts. 
+    If Traefik requests new certificates each time it starts up, a crash-looping container can quickly reach Let's Encrypt's ratelimits.
+    To configure where certificates are stored, please take a look at the [storage](#storage) configuration.
 
     Use Let's Encrypt staging server with the [`caServer`](#caserver) configuration option
     when experimenting to avoid hitting this limit too fast.
@@ -279,8 +283,19 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
     # ...
     ```
 
-    !!! important
+!!! warning "`CNAME` support"
-        A `provider` is mandatory.
+
+    `CNAME` are supported (and sometimes even [encouraged](https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme.html#the-advantages-of-a-cname)),
+    but there are a few cases where they can be [problematic](../../getting-started/faq/#why-does-lets-encrypt-wildcard-certificate-renewalgeneration-with-dns-challenge-fail).
+
+    If needed, `CNAME` support can be disabled with the following environment variable:
+
+    ```bash
+    LEGO_DISABLE_CNAME_SUPPORT=true
+    ```
+
+!!! important
+    A `provider` is mandatory.
 
 #### `providers`
 
@@ -293,112 +308,121 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 
 For complete details, refer to your provider's _Additional configuration_ link.
 
-| Provider Name                                                                                      | Provider Code  | Environment Variables                                                                                                                       |                                                                             |
+| Provider Name                                                            | Provider Code      | Environment Variables                                                                                                                       |                                                                                 |
-|----------------------------------------------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
+|--------------------------------------------------------------------------|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
-| [ACME DNS](https://github.com/joohoi/acme-dns)                                                     | `acme-dns`     | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)     |
+| [ACME DNS](https://github.com/joohoi/acme-dns)                           | `acme-dns`         | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)         |
-| [Alibaba Cloud](https://www.alibabacloud.com)                                                      | `alidns`       | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)       |
+| [Alibaba Cloud](https://www.alibabacloud.com)                            | `alidns`           | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)           |
-| [all-inkl](https://all-inkl.com)                                                                   | `allinkl`      | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl)      |
+| [all-inkl](https://all-inkl.com)                                         | `allinkl`          | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl)          |
-| [ArvanCloud](https://www.arvancloud.com/en)                                                        | `arvancloud`   | `ARVANCLOUD_API_KEY`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)   |
+| [ArvanCloud](https://www.arvancloud.com/en)                              | `arvancloud`       | `ARVANCLOUD_API_KEY`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)       |
-| [Auroradns](https://www.pcextreme.com/dns-health-checks)                                           | `auroradns`    | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)    |
+| [Auroradns](https://www.pcextreme.com/dns-health-checks)                 | `auroradns`        | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)        |
-| [Autodns](https://www.internetx.com/domains/autodns/)                                              | `autodns`      | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)      |
+| [Autodns](https://www.internetx.com/domains/autodns/)                    | `autodns`          | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)          |
-| [Azure](https://azure.microsoft.com/services/dns/)                                                 | `azure`        | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | [Additional configuration](https://go-acme.github.io/lego/dns/azure)        |
+| [Azure](https://azure.microsoft.com/services/dns/)                       | `azure`            | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
-| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)                                         | `bindman`      | `BINDMAN_MANAGER_ADDRESS`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)      |
+| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)               | `bindman`          | `BINDMAN_MANAGER_ADDRESS`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)          |
-| [Blue Cat](https://www.bluecatnetworks.com/)                                                       | `bluecat`      | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                    | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)      |
+| [Blue Cat](https://www.bluecatnetworks.com/)                             | `bluecat`          | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                    | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)          |
-| [Checkdomain](https://www.checkdomain.de/)                                                         | `checkdomain`  | `CHECKDOMAIN_TOKEN`,                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
+| [Checkdomain](https://www.checkdomain.de/)                               | `checkdomain`      | `CHECKDOMAIN_TOKEN`,                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/)     |
-| [CloudDNS](https://vshosting.eu/)                                                                  | `clouddns`     | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD`                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns)     |
+| [Civo](https://www.civo.com/)                                            | `civo`             | `CIVO_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/civo)             |
-| [Cloudflare](https://www.cloudflare.com)                                                           | `cloudflare`   | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)   |
+| [CloudDNS](https://vshosting.eu/)                                        | `clouddns`         | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD`                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns)         |
-| [ClouDNS](https://www.cloudns.net/)                                                                | `cloudns`      | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)      |
+| [Cloudflare](https://www.cloudflare.com)                                 | `cloudflare`       | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)       |
-| [CloudXNS](https://www.cloudxns.net)                                                               | `cloudxns`     | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)     |
+| [ClouDNS](https://www.cloudns.net/)                                      | `cloudns`          | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)          |
-| [ConoHa](https://www.conoha.jp)                                                                    | `conoha`       | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)       |
+| [CloudXNS](https://www.cloudxns.net)                                     | `cloudxns`         | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)         |
-| [Constellix](https://constellix.com)                                                               | `constellix`   | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)   |
+| [ConoHa](https://www.conoha.jp)                                          | `conoha`           | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)           |
-| [deSEC](https://desec.io)                                                                          | `desec`        | `DESEC_TOKEN`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/desec)        |
+| [Constellix](https://constellix.com)                                     | `constellix`       | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)       |
-| [DigitalOcean](https://www.digitalocean.com)                                                       | `digitalocean` | `DO_AUTH_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
+| [deSEC](https://desec.io)                                                | `desec`            | `DESEC_TOKEN`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/desec)            |
-| [DNS Made Easy](https://dnsmadeeasy.com)                                                           | `dnsmadeeasy`  | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)  |
+| [DigitalOcean](https://www.digitalocean.com)                             | `digitalocean`     | `DO_AUTH_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean)     |
-| [DNSimple](https://dnsimple.com)                                                                   | `dnsimple`     | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)     |
+| [DNS Made Easy](https://dnsmadeeasy.com)                                 | `dnsmadeeasy`      | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)      |
-| [DNSPod](https://www.dnspod.com/)                                                                  | `dnspod`       | `DNSPOD_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod)       |
+| [dnsHome.de](https://www.dnshome.de)                                     | `dnsHomede`        | `DNSHOMEDE_CREDENTIALS`                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/dnshomede)        |
-| [Domain Offensive (do.de)](https://www.do.de/)                                                     | `dode`         | `DODE_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/dode)         |
+| [DNSimple](https://dnsimple.com)                                         | `dnsimple`         | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)         |
-| [Domeneshop](https://domene.shop)                                                                  | `domeneshop`   | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop)   |
+| [DNSPod](https://www.dnspod.com/)                                        | `dnspod`           | `DNSPOD_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod)           |
-| [DreamHost](https://www.dreamhost.com/)                                                            | `dreamhost`    | `DREAMHOST_API_KEY`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)    |
+| [Domain Offensive (do.de)](https://www.do.de/)                           | `dode`             | `DODE_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/dode)             |
-| [Duck DNS](https://www.duckdns.org/)                                                               | `duckdns`      | `DUCKDNS_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)      |
+| [Domeneshop](https://domene.shop)                                        | `domeneshop`       | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop)       |
-| [Dyn](https://dyn.com)                                                                             | `dyn`          | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)          |
+| [DreamHost](https://www.dreamhost.com/)                                  | `dreamhost`        | `DREAMHOST_API_KEY`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)        |
-| [Dynu](https://www.dynu.com)                                                                       | `dynu`         | `DYNU_API_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)         |
+| [Duck DNS](https://www.duckdns.org/)                                     | `duckdns`          | `DUCKDNS_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)          |
-| [EasyDNS](https://easydns.com/)                                                                    | `easydns`      | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)      |
+| [Dyn](https://dyn.com)                                                   | `dyn`              | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)              |
-| [EdgeDNS](https://www.akamai.com/)                                                                 | `edgedns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)      |
+| [Dynu](https://www.dynu.com)                                             | `dynu`             | `DYNU_API_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)             |
-| [Epik](https://www.epik.com)                                                                       | `epik`         | `EPIK_SIGNATURE`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/epik)         |
+| [EasyDNS](https://easydns.com/)                                          | `easydns`          | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)          |
-| [Exoscale](https://www.exoscale.com)                                                               | `exoscale`     | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)     |
+| [EdgeDNS](https://www.akamai.com/)                                       | `edgedns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
-| [Fast DNS](https://www.akamai.com/)                                                                | `fastdns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)      |
+| [Epik](https://www.epik.com)                                             | `epik`             | `EPIK_SIGNATURE`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/epik)             |
-| [Freemyip.com](https://freemyip.com)                                                               | `freemyip`     | `FREEMYIP_TOKEN`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip)     |
+| [Exoscale](https://www.exoscale.com)                                     | `exoscale`         | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)         |
-| [G-Core Lab](https://gcorelabs.com/dns/)                                                           | `gcore`        | `GCORE_PERMANENT_API_TOKEN`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/gcore)        |
+| [Fast DNS](https://www.akamai.com/)                                      | `fastdns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
-| [Gandi v5](https://doc.livedns.gandi.net)                                                          | `gandiv5`      | `GANDIV5_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)      |
+| [Freemyip.com](https://freemyip.com)                                     | `freemyip`         | `FREEMYIP_TOKEN`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip)         |
-| [Gandi](https://www.gandi.net)                                                                     | `gandi`        | `GANDI_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)        |
+| [G-Core Lab](https://gcorelabs.com/dns/)                                 | `gcore`            | `GCORE_PERMANENT_API_TOKEN`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/gcore)            |
-| [Glesys](https://glesys.com/)                                                                      | `glesys`       | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)       |
+| [Gandi v5](https://doc.livedns.gandi.net)                                | `gandiv5`          | `GANDIV5_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)          |
-| [GoDaddy](https://godaddy.com/)                                                                    | `godaddy`      | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)      |
+| [Gandi](https://www.gandi.net)                                           | `gandi`            | `GANDI_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)            |
-| [Google Cloud DNS](https://cloud.google.com/dns/docs/)                                             | `gcloud`       | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)       |
+| [Glesys](https://glesys.com/)                                            | `glesys`           | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)           |
-| [Hetzner](https://hetzner.com)                                                                     | `hetzner`      | `HETZNER_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)      |
+| [GoDaddy](https://www.godaddy.com)                                       | `godaddy`          | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)          |
-| [hosting.de](https://www.hosting.de)                                                               | `hostingde`    | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)    |
+| [Google Cloud DNS](https://cloud.google.com/dns/docs/)                   | `gcloud`           | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)           |
-| [Hosttech](https://www.hosttech.eu)                                                                | `hosttech`     | `HOSTTECH_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)     |
+| [Hetzner](https://hetzner.com)                                           | `hetzner`          | `HETZNER_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
-| [Hurricane Electric](https://dns.he.net)                                                           | `hurricane`    | `HURRICANE_TOKENS` [^6]                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane)    |
+| [hosting.de](https://www.hosting.de)                                     | `hostingde`        | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)        |
-| [HyperOne](https://www.hyperone.com)                                                               | `hyperone`     | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)     |
+| [Hosttech](https://www.hosttech.eu)                                      | `hosttech`         | `HOSTTECH_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)         |
-| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/)                                                | `ibmcloud`     | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud)     |
+| [Hurricane Electric](https://dns.he.net)                                 | `hurricane`        | `HURRICANE_TOKENS` [^6]                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane)        |
-| [IIJ DNS Platform Service](https://www.iij.ad.jp)                                                  | `iijdpf`       | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE`                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf)       |
+| [HyperOne](https://www.hyperone.com)                                     | `hyperone`         | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)         |
-| [IIJ](https://www.iij.ad.jp/)                                                                      | `iij`          | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/iij)          |
+| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/)                      | `ibmcloud`         | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud)         |
-| [Infoblox](https://www.infoblox.com/)                                                              | `infoblox`     | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox)     |
+| [IIJ DNS Platform Service](https://www.iij.ad.jp)                        | `iijdpf`           | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE`                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf)           |
-| [Infomaniak](https://www.infomaniak.com)                                                           | `infomaniak`   | `INFOMANIAK_ACCESS_TOKEN`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak)   |
+| [IIJ](https://www.iij.ad.jp/)                                            | `iij`              | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/iij)              |
-| [Internet.bs](https://internetbs.net)                                                              | `internetbs`   | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs)   |
+| [Infoblox](https://www.infoblox.com/)                                    | `infoblox`         | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox)         |
-| [INWX](https://www.inwx.de/en)                                                                     | `inwx`         | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/inwx)         |
+| [Infomaniak](https://www.infomaniak.com)                                 | `infomaniak`       | `INFOMANIAK_ACCESS_TOKEN`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak)       |
-| [ionos](https://ionos.com/)                                                                        | `ionos`        | `IONOS_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/ionos)        |
+| [Internet.bs](https://internetbs.net)                                    | `internetbs`       | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs)       |
-| [iwantmyname](https://iwantmyname.com)                                                             | `iwantmyname`  | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname)  |
+| [INWX](https://www.inwx.de/en)                                           | `inwx`             | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/inwx)             |
-| [Joker.com](https://joker.com)                                                                     | `joker`        | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/joker)        |
+| [ionos](https://ionos.com/)                                              | `ionos`            | `IONOS_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/ionos)            |
-| [Lightsail](https://aws.amazon.com/lightsail/)                                                     | `lightsail`    | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)    |
+| [iwantmyname](https://iwantmyname.com)                                   | `iwantmyname`      | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname)      |
-| [Linode v4](https://www.linode.com)                                                                | `linode`       | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linode)       |
+| [Joker.com](https://joker.com)                                           | `joker`            | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/joker)            |
-| [Liquid Web](https://www.liquidweb.com/)                                                           | `liquidweb`    | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)    |
+| [Liara](https://liara.ir)                                                | `liara`            | `LIARA_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liara)            |
-| [Loopia](https://loopia.com/)                                                                      | `loopia`       | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER`                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/loopia)       |
+| [Lightsail](https://aws.amazon.com/lightsail/)                           | `lightsail`        | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)        |
-| [LuaDNS](https://luadns.com)                                                                       | `luadns`       | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)       |
+| [Linode v4](https://www.linode.com)                                      | `linode`           | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linode)           |
-| [MyDNS.jp](https://www.mydns.jp/)                                                                  | `mydnsjp`      | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp)      |
+| [Liquid Web](https://www.liquidweb.com/)                                 | `liquidweb`        | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)        |
-| [Mythic Beasts](https://www.mythic-beasts.com)                                                     | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
+| [Loopia](https://loopia.com/)                                            | `loopia`           | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER`                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/loopia)           |
-| [name.com](https://www.name.com/)                                                                  | `namedotcom`   | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom)   |
+| [LuaDNS](https://luadns.com)                                             | `luadns`           | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)           |
-| [Namecheap](https://www.namecheap.com)                                                             | `namecheap`    | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap)    |
+| [MyDNS.jp](https://www.mydns.jp/)                                        | `mydnsjp`          | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp)          |
-| [Namesilo](https://www.namesilo.com/)                                                              | `namesilo`     | `NAMESILO_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo)     |
+| [Mythic Beasts](https://www.mythic-beasts.com)                           | `mythicbeasts`     | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts)     |
-| [Netcup](https://www.netcup.eu/)                                                                   | `netcup`       | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/netcup)       |
+| [name.com](https://www.name.com/)                                        | `namedotcom`       | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom)       |
-| [Netlify](https://www.netlify.com)                                                                 | `netlify`      | `NETLIFY_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/netlify)      |
+| [Namecheap](https://www.namecheap.com)                                   | `namecheap`        | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap)        |
-| [Nicmanager](https://www.nicmanager.com)                                                           | `nicmanager`   | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager)   |
+| [Namesilo](https://www.namesilo.com/)                                    | `namesilo`         | `NAMESILO_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo)         |
-| [NIFCloud](https://cloud.nifty.com/service/dns.htm)                                                | `nifcloud`     | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY`                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud)     |
+| [NearlyFreeSpeech.NET](https://www.nearlyfreespeech.net/)                | `nearlyfreespeech` | `NEARLYFREESPEECH_API_KEY`, `NEARLYFREESPEECH_LOGIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/nearlyfreespeech) |
-| [Njalla](https://njal.la)                                                                          | `njalla`       | `NJALLA_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/njalla)       |
+| [Netcup](https://www.netcup.eu/)                                         | `netcup`           | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/netcup)           |
-| [NS1](https://ns1.com/)                                                                            | `ns1`          | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)          |
+| [Netlify](https://www.netlify.com)                                       | `netlify`          | `NETLIFY_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/netlify)          |
-| [Open Telekom Cloud](https://cloud.telekom.de)                                                     | `otc`          | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                             | [Additional configuration](https://go-acme.github.io/lego/dns/otc)          |
+| [Nicmanager](https://www.nicmanager.com)                                 | `nicmanager`       | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager)       |
-| [Openstack Designate](https://docs.openstack.org/designate)                                        | `designate`    | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/designate)    |
+| [NIFCloud](https://cloud.nifty.com/service/dns.htm)                      | `nifcloud`         | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY`                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud)         |
-| [Oracle Cloud](https://cloud.oracle.com/home)                                                      | `oraclecloud`  | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)  |
+| [Njalla](https://njal.la)                                                | `njalla`           | `NJALLA_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/njalla)           |
-| [OVH](https://www.ovh.com)                                                                         | `ovh`          | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)          |
+| [NS1](https://ns1.com/)                                                  | `ns1`              | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)              |
-| [Porkbun](https://porkbun.com/)                                                                    | `porkbun`      | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun)      |
+| [Open Telekom Cloud](https://cloud.telekom.de)                           | `otc`              | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                             | [Additional configuration](https://go-acme.github.io/lego/dns/otc)              |
-| [PowerDNS](https://www.powerdns.com)                                                               | `pdns`         | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)         |
+| [Openstack Designate](https://docs.openstack.org/designate)              | `designate`        | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/designate)        |
-| [Rackspace](https://www.rackspace.com/cloud/dns)                                                   | `rackspace`    | `RACKSPACE_USER`, `RACKSPACE_API_KEY`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace)    |
+| [Oracle Cloud](https://cloud.oracle.com/home)                            | `oraclecloud`      | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)      |
-| [reg.ru](https://www.reg.ru)                                                                       | `regru`        | `REGRU_USERNAME`, `REGRU_PASSWORD`                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/regru)        |
+| [OVH](https://www.ovh.com)                                               | `ovh`              | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)              |
-| [RFC2136](https://tools.ietf.org/html/rfc2136)                                                     | `rfc2136`      | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)      |
+| [Porkbun](https://porkbun.com/)                                          | `porkbun`          | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun)          |
-| [RimuHosting](https://rimuhosting.com)                                                             | `rimuhosting`  | `RIMUHOSTING_API_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)  |
+| [PowerDNS](https://www.powerdns.com)                                     | `pdns`             | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)             |
-| [Route 53](https://aws.amazon.com/route53/)                                                        | `route53`      | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.             | [Additional configuration](https://go-acme.github.io/lego/dns/route53)      |
+| [Rackspace](https://www.rackspace.com/cloud/dns)                         | `rackspace`        | `RACKSPACE_USER`, `RACKSPACE_API_KEY`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace)        |
-| [Sakura Cloud](https://cloud.sakura.ad.jp/)                                                        | `sakuracloud`  | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)  |
+| [reg.ru](https://www.reg.ru)                                             | `regru`            | `REGRU_USERNAME`, `REGRU_PASSWORD`                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/regru)            |
-| [Scaleway](https://www.scaleway.com)                                                               | `scaleway`     | `SCALEWAY_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)     |
+| [RFC2136](https://tools.ietf.org/html/rfc2136)                           | `rfc2136`          | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)          |
-| [Selectel](https://selectel.ru/en/)                                                                | `selectel`     | `SELECTEL_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)     |
+| [RimuHosting](https://rimuhosting.com)                                   | `rimuhosting`      | `RIMUHOSTING_API_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)      |
-| [Servercow](https://servercow.de)                                                                  | `servercow`    | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/servercow)    |
+| [Route 53](https://aws.amazon.com/route53/)                              | `route53`          | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.             | [Additional configuration](https://go-acme.github.io/lego/dns/route53)          |
-| [Simply.com](https://www.simply.com/en/domains/)                                                   | `simply`       | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/simply)       |
+| [Sakura Cloud](https://cloud.sakura.ad.jp/)                              | `sakuracloud`      | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)      |
-| [Sonic](https://www.sonic.com/)                                                                    | `sonic`        | `SONIC_USER_ID`, `SONIC_API_KEY`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/sonic)        |
+| [Scaleway](https://www.scaleway.com)                                     | `scaleway`         | `SCALEWAY_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)         |
-| [Stackpath](https://www.stackpath.com/)                                                            | `stackpath`    | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)    |
+| [Selectel](https://selectel.ru/en/)                                      | `selectel`         | `SELECTEL_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)         |
-| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns)                                         | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY`                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
+| [Servercow](https://servercow.de)                                        | `servercow`        | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/servercow)        |
-| [TransIP](https://www.transip.nl/)                                                                 | `transip`      | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/transip)      |
+| [Simply.com](https://www.simply.com/en/domains/)                         | `simply`           | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/simply)           |
-| [UKFast SafeDNS](https://www.ans.co.uk/cloud-and-infrastructure/dedicated-servers/dns-management/) | `safedns`      | `SAFEDNS_AUTH_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/safedns)      |
+| [Sonic](https://www.sonic.com/)                                          | `sonic`            | `SONIC_USER_ID`, `SONIC_API_KEY`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/sonic)            |
-| [VegaDNS](https://github.com/shupp/VegaDNS-API)                                                    | `vegadns`      | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL`                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns)      |
+| [Stackpath](https://www.stackpath.com/)                                  | `stackpath`        | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)        |
-| [Vercel](https://vercel.com)                                                                       | `vercel`       | `VERCEL_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vercel)       |
+| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns)               | `tencentcloud`     | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY`                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud)     |
-| [Versio](https://www.versio.nl/domeinnamen)                                                        | `versio`       | `VERSIO_USERNAME`, `VERSIO_PASSWORD`                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/versio)       |
+| [TransIP](https://www.transip.nl/)                                       | `transip`          | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/transip)          |
-| [VinylDNS](https://www.vinyldns.io)                                                                | `vinyldns`     | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns)     |
+| [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html)   | `safedns`          | `SAFEDNS_AUTH_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/safedns)          |
-| [Vscale](https://vscale.io/)                                                                       | `vscale`       | `VSCALE_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)       |
+| [Ultradns](https://neustarsecurityservices.com/dns-services)             | `ultradns`         | `ULTRADNS_USERNAME`, `ULTRADNS_PASSWORD`                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/ultradns)         |
-| [VULTR](https://www.vultr.com)                                                                     | `vultr`        | `VULTR_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)        |
+| [Variomedia](https://www.variomedia.de/)                                 | `variomedia`       | `VARIOMEDIA_API_TOKEN`                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/variomedia)       |
-| [WEDOS](https://www.wedos.com)                                                                     | `wedos`        | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/wedos)        |
+| [VegaDNS](https://github.com/shupp/VegaDNS-API)                          | `vegadns`          | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL`                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns)          |
-| [Yandex](https://yandex.com)                                                                       | `yandex`       | `YANDEX_PDD_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandex)       |
+| [Vercel](https://vercel.com)                                             | `vercel`           | `VERCEL_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vercel)           |
-| [Zone.ee](https://www.zone.ee)                                                                     | `zoneee`       | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)       |
+| [Versio](https://www.versio.nl/domeinnamen)                              | `versio`           | `VERSIO_USERNAME`, `VERSIO_PASSWORD`                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/versio)           |
-| [Zonomi](https://zonomi.com)                                                                       | `zonomi`       | `ZONOMI_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)       |
+| [VinylDNS](https://www.vinyldns.io)                                      | `vinyldns`         | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns)         |
-| External Program                                                                                   | `exec`         | `EXEC_PATH`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/exec)         |
+| [VK Cloud](https://mcs.mail.ru/)                                         | `vkcloud`          | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud)          |
-| HTTP request                                                                                       | `httpreq`      | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)      |
+| [Vscale](https://vscale.io/)                                             | `vscale`           | `VSCALE_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)           |
-| manual                                                                                             | `manual`       | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                     |                                                                             |
+| [VULTR](https://www.vultr.com)                                           | `vultr`            | `VULTR_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)            |
+| [Websupport](https://websupport.sk)                                      | `websupport`       | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/websupport)       |
+| [WEDOS](https://www.wedos.com)                                           | `wedos`            | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/wedos)            |
+| [Yandex Cloud](https://cloud.yandex.com/en/)                             | `yandexcloud`      | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud)      |
+| [Yandex](https://yandex.com)                                             | `yandex`           | `YANDEX_PDD_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandex)           |
+| [Zone.ee](https://www.zone.ee)                                           | `zoneee`           | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)           |
+| [Zonomi](https://zonomi.com)                                             | `zonomi`           | `ZONOMI_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)           |
+| External Program                                                         | `exec`             | `EXEC_PATH`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/exec)             |
+| HTTP request                                                             | `httpreq`          | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)          |
+| manual                                                                   | `manual`           | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                     |                                                                                 |
 
 [^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
 [^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).

docs/content/https/include-acme-multiple-domains-example.md

@@ -22,7 +22,7 @@ deploy:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: blogtls

docs/content/https/include-acme-multiple-domains-from-rule-example.md

@@ -18,7 +18,7 @@ deploy:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: blogtls

docs/content/https/include-acme-single-domain-example.md

@@ -18,7 +18,7 @@ deploy:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: blogtls

docs/content/https/tls.md

@@ -134,7 +134,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSStore
 metadata:
   name: default
@@ -195,7 +195,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSStore
 metadata:
   name: default
@@ -277,7 +277,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: default
@@ -287,7 +287,7 @@ spec:
   minVersion: VersionTLS12
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: mintls13
@@ -328,7 +328,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: default
@@ -338,7 +338,7 @@ spec:
   maxVersion: VersionTLS13
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: maxtls12
@@ -373,7 +373,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: default
@@ -418,7 +418,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: default
@@ -454,7 +454,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: default
@@ -493,7 +493,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: default
@@ -509,15 +509,17 @@ spec:
 
 Traefik supports mutual authentication, through the `clientAuth` section.
 
-For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `clientAuth.caFiles`.
+For authentication policies that require verification of the client certificate, the certificate authority for the certificates should be set in `clientAuth.caFiles`.
+
+In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../../routing/providers/kubernetes-crd#kind-tlsoption) for more details.
 
 The `clientAuth.clientAuthType` option governs the behaviour as follows:
 
 - `NoClientCert`: disregards any client certificate.
 - `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided.
-- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles`.
+- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`.
-- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate.
+- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. Otherwise proceeds without any certificate.
-- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`.
+- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`.
 
 ```yaml tab="File (YAML)"
 # Dynamic configuration
@@ -545,7 +547,7 @@ tls:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: default

docs/content/includes/traefik-for-business-applications.md

@@ -2,15 +2,10 @@
 
 !!! question "Using Traefik for Business Applications?"
 
-    If you are using Traefik for commercial applications,
+    If you are using Traefik in your organization, consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/). You can use it as your:
-    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
-    You can use it as your:
 
+    - [API Gateway](https://traefik.io/solutions/api-gateway/)
     - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
     - [Docker Swarm Ingress Controller](https://traefik.io/solutions/docker-swarm-ingress/)
-    - [API Gateway](https://traefik.io/solutions/api-gateway/)
 
-    Traefik Enterprise enables centralized access management,
+    Traefik Enterprise simplifies the discovery, security, and deployment of APIs and microservices across any environment. See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo).
-    distributed Let's Encrypt,
-    and other advanced capabilities.
-    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).

docs/content/index.md

@@ -24,10 +24,8 @@ Developing Traefik, our main goal is to make it simple to use, and we're sure yo
 
 !!! info
 
-    Join our user friendly and active [Community Forum](https://community.traefik.io) to discuss, learn, and connect with the traefik community.
+    Join our user friendly and active [Community Forum]((https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the traefik community.
-    
+
-    Using Traefik for commercial applications?
+    Using Traefik in your organization? Consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/ "Lino to Traefik Enterprise"), our unified API Gateway and Ingress that simplifies the discovery, security, and deployment of APIs and microservices across any environment.
-    Consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik as your [Kubernetes Ingress](https://traefik.io/solutions/kubernetes-ingress/), 
+
-    your [Docker Swarm Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/), 
+    See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo "Link to video walkthrough").
-    or your [API gateway](https://traefik.io/solutions/api-gateway/). 
-    Get started with a [free 30-day trial](https://info.traefik.io/get-traefik-enterprise-free-for-30-days).

docs/content/middlewares/http/addprefix.md

@@ -22,7 +22,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Prefixing with /foo
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: add-foo

docs/content/middlewares/http/basicauth.md

@@ -28,7 +28,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Declaring the user list
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -114,7 +114,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Declaring the user list
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -207,7 +207,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -274,7 +274,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -322,7 +322,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: my-auth
@@ -367,7 +367,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth

docs/content/middlewares/http/buffering.md

@@ -26,7 +26,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Sets the maximum request body to 2MB
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: limit
@@ -84,7 +84,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: limit
@@ -134,7 +134,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: limit
@@ -186,7 +186,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: limit
@@ -236,7 +236,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: limit
@@ -288,7 +288,7 @@ You can have the Buffering middleware replay the request using `retryExpression`
     ```
 
     ```yaml tab="Kubernetes"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: Middleware
     metadata:
       name: limit

docs/content/middlewares/http/chain.md

@@ -30,7 +30,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: test
@@ -47,7 +47,7 @@ spec:
       middlewares:
         - name: secured
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: secured
@@ -58,7 +58,7 @@ spec:
     - name: known-ips
     - name: auth-users
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: auth-users
@@ -67,7 +67,7 @@ spec:
     users:
     - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: https-only
@@ -75,7 +75,7 @@ spec:
   redirectScheme:
     scheme: https
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: known-ips

docs/content/middlewares/http/circuitbreaker.md

@@ -38,7 +38,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Latency Check
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: latency-check

docs/content/middlewares/http/compress.md

@@ -22,7 +22,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Enable gzip compression
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-compress
@@ -88,7 +88,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-compress
@@ -142,7 +142,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-compress

docs/content/middlewares/http/contenttype.md

@@ -40,7 +40,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Disable auto-detection
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: autodetect

docs/content/middlewares/http/digestauth.md

@@ -22,7 +22,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Declaring the user list
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -90,7 +90,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -161,7 +161,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -228,7 +228,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -276,7 +276,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: my-auth
@@ -326,7 +326,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth

docs/content/middlewares/http/errorpages.md

@@ -27,7 +27,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-errors

docs/content/middlewares/http/forwardauth.md

@@ -24,7 +24,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Forward authentication to example.com
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -90,7 +90,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -138,7 +138,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -190,7 +190,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -248,7 +248,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -307,7 +307,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -371,7 +371,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -440,7 +440,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -518,7 +518,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
@@ -594,7 +594,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth

docs/content/middlewares/http/headers.md

@@ -27,7 +27,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-header
@@ -90,7 +90,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-header
@@ -158,7 +158,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-header
@@ -207,18 +207,21 @@ http:
 CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above.
 This functionality allows for more advanced security features to quickly be set.
 If CORS headers are set, then the middleware does not pass preflight requests to any service,
-instead the response will be generated and sent back to the client directly.
+instead the response will be generated and sent back to the client directly.  
+Please note that the example below is by no means authoritative or exhaustive,
+and should not be used as is for production.
 
 ```yaml tab="Docker"
 labels:
   - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"
   - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
   - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
   - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-header
@@ -228,6 +231,7 @@ spec:
       - "GET"
       - "OPTIONS"
       - "PUT"
+    accessControlAllowHeaders: "*"
     accessControlAllowOriginList:
       - "https://foo.bar.org"
       - "https://example.org"
@@ -237,6 +241,7 @@ spec:
 
 ```yaml tab="Consul Catalog"
 - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+- "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"
 - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
 - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
 - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
@@ -245,6 +250,7 @@ spec:
 ```json tab="Marathon"
 "labels": {
   "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
+  "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*",
   "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist": "https://foo.bar.org,https://example.org",
   "traefik.http.middlewares.testheader.headers.accesscontrolmaxage": "100",
   "traefik.http.middlewares.testheader.headers.addvaryheader": "true"
@@ -254,6 +260,7 @@ spec:
 ```yaml tab="Rancher"
 labels:
   - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"
   - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
   - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
   - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
@@ -268,6 +275,7 @@ http:
           - GET
           - OPTIONS
           - PUT
+        accessControlAllowHeaders: "*"
         accessControlAllowOriginList:
           - https://foo.bar.org
           - https://example.org
@@ -279,6 +287,7 @@ http:
 [http.middlewares]
   [http.middlewares.testHeader.headers]
     accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
+    accessControlAllowHeaders= "*"
     accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
     accessControlMaxAge = 100
     addVaryHeader = true

docs/content/middlewares/http/inflightreq.md

@@ -20,7 +20,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-inflightreq
@@ -75,7 +75,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-inflightreq
@@ -127,6 +127,8 @@ If none are set, the default is to use the `requestHost`.
 
 The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
 
+!!! important "As a middleware, InFlightReq happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through the middleware. Therefore, during InFlightReq, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be used and/or relied upon."
+
 ##### `ipStrategy.depth`
 
 The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right).
@@ -150,7 +152,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-inflightreq
@@ -215,7 +217,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-inflightreq
@@ -272,7 +274,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-inflightreq
@@ -323,7 +325,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-inflightreq

docs/content/middlewares/http/ipwhitelist.md

@@ -21,7 +21,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ipwhitelist
@@ -75,7 +75,10 @@ The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using
 
 ### `ipStrategy`
 
-The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`.
+The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`.  
+If no strategy is set, the default behavior is to match `sourceRange` against the Remote address found in the request.
+
+!!! important "As a middleware, whitelisting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through whitelisting. Therefore, during whitelisting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be matched against `sourceRange`."
 
 #### `ipStrategy.depth`
 
@@ -103,7 +106,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Whitelisting Based on `X-Forwarded-For` with `depth=2`
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ipwhitelist
@@ -182,7 +185,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Exclude from `X-Forwarded-For`
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ipwhitelist

docs/content/middlewares/http/overview.md

@@ -29,9 +29,9 @@ whoami:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: middlewares.traefik.containo.us
+  name: middlewares.traefik.io
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: Middleware
@@ -40,7 +40,7 @@ spec:
   scope: Namespaced
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: stripprefix
@@ -50,7 +50,7 @@ spec:
       - /stripit
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: ingressroute

docs/content/middlewares/http/passtlsclientcert.md

@@ -16,16 +16,16 @@ PassTLSClientCert adds the selected data from the passed client TLS certificate
 
 ## Configuration Examples
 
-Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 
 ```yaml tab="Docker"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 labels:
   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-passtlsclientcert
@@ -35,7 +35,7 @@ spec:
 ```
 
 ```yaml tab="Consul Catalog"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header
 - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
 
@@ -46,13 +46,13 @@ spec:
 ```
 
 ```yaml tab="Rancher"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 labels:
   - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
 
 ```yaml tab="File (YAML)"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 http:
   middlewares:
     test-passtlsclientcert:
@@ -61,13 +61,13 @@ http:
 ```
 
 ```toml tab="File (TOML)"
-# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
+# Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 [http.middlewares]
   [http.middlewares.test-passtlsclientcert.passTLSClientCert]
     pem = true
 ```
 
-??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header"
+??? example "Pass the pem in the `X-Forwarded-Tls-Client-Cert` header"
 
     ```yaml tab="Docker"
     # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
@@ -95,7 +95,7 @@ http:
 
     ```yaml tab="Kubernetes"
     # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: Middleware
     metadata:
       name: test-passtlsclientcert
@@ -254,12 +254,12 @@ http:
 
 PassTLSClientCert can add two headers to the request:
 
-- `X-Forwarded-Tls-Client-Cert` that contains the escaped pem.
+- `X-Forwarded-Tls-Client-Cert` that contains the pem.
 - `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string.
 
 !!! info
 
-    * Each header value is a string that has been escaped in order to be a valid URL query.
+    * `X-Forwarded-Tls-Client-Cert-Info` header value is a string that has been escaped in order to be a valid URL query.
     * These options only work accordingly to the [MutualTLS configuration](../../https/tls.md#client-authentication-mtls).
     That is to say, only the certificates that match the `clientAuth.clientAuthType` policy are passed.
 
@@ -371,7 +371,7 @@ The following example shows a complete certificate and explains each of the midd
 
 ### `pem`
 
-The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the escaped certificate.
+The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the certificate.
 
 In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters:
 

docs/content/middlewares/http/ratelimit.md

@@ -10,6 +10,8 @@ To Control the Number of Requests Going to a Service
 
 The RateLimit middleware ensures that services will receive a _fair_ amount of requests, and allows one to define what fair is.
 
+It is based on a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) implementation. In this analogy, the [average](#average) parameter (defined below) is the rate at which the bucket refills, and the [burst](#burst) is the size (volume) of the bucket.
+
 ## Configuration Example
 
 ```yaml tab="Docker"
@@ -23,7 +25,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Here, an average of 100 requests per second is allowed.
 # In addition, a burst of 50 requests is allowed.
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit
@@ -94,7 +96,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # 100 reqs/s
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit
@@ -154,7 +156,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # 6 reqs/minute
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit
@@ -214,7 +216,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit
@@ -262,6 +264,8 @@ If none are set, the default is to use the request's remote address field (as an
 
 The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
 
+!!! important "As a middleware, rate-limiting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through rate-limiting. Therefore, during rate-limiting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be found and/or relied upon."
+
 ##### `ipStrategy.depth`
 
 The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right).
@@ -285,7 +289,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit
@@ -377,7 +381,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit
@@ -434,7 +438,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit
@@ -485,7 +489,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit

docs/content/middlewares/http/redirectregex.md

@@ -26,7 +26,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Redirect with domain replacement
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-redirectregex

docs/content/middlewares/http/redirectscheme.md

@@ -34,7 +34,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Redirect to https
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-redirectscheme
@@ -98,7 +98,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Redirect to https
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-redirectscheme
@@ -159,7 +159,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Redirect to https
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-redirectscheme
@@ -215,7 +215,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Redirect to https
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-redirectscheme

docs/content/middlewares/http/replacepath.md

@@ -24,7 +24,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Replace the path with /foo
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-replacepath

docs/content/middlewares/http/replacepathregex.md

@@ -25,7 +25,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Replace path with regex
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-replacepathregex

docs/content/middlewares/http/retry.md

@@ -27,7 +27,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Retry 4 times with exponential backoff
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-retry

docs/content/middlewares/http/stripprefix.md

@@ -24,7 +24,7 @@ labels:
 
 ```yaml tab="Kubernetes"
 # Strip prefix /foobar and /fiibar
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-stripprefix
@@ -130,7 +130,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: example

docs/content/middlewares/http/stripprefixregex.md

@@ -18,7 +18,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: test-stripprefixregex

docs/content/middlewares/overview.md

@@ -37,7 +37,7 @@ whoami:
 
 ```yaml tab="Kubernetes IngressRoute"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: stripprefix
@@ -47,7 +47,7 @@ spec:
       - /stripit
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: ingressroute

docs/content/middlewares/tcp/inflightconn.md

@@ -13,7 +13,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: MiddlewareTCP
 metadata:
   name: test-inflightconn

docs/content/middlewares/tcp/ipwhitelist.md

@@ -19,7 +19,7 @@ labels:
 ```
 
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: MiddlewareTCP
 metadata:
   name: test-ipwhitelist

docs/content/middlewares/tcp/overview.md

@@ -29,9 +29,9 @@ whoami:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: middlewaretcps.traefik.containo.us
+  name: middlewaretcps.traefik.io
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: MiddlewareTCP
@@ -40,7 +40,7 @@ spec:
   scope: Namespaced
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: MiddlewareTCP
 metadata:
   name: foo-ip-whitelist
@@ -51,7 +51,7 @@ spec:
       - 192.168.1.7
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
   name: ingressroute

docs/content/migration/v1-to-v2.md

@@ -110,7 +110,7 @@ Then any router can refer to an instance of the wanted middleware.
     ```yaml tab="K8s IngressRoute"
     # The definitions below require the definitions for the Middleware and IngressRoute kinds.
     # https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: Middleware
     metadata:
       name: basicauth
@@ -123,7 +123,7 @@ Then any router can refer to an instance of the wanted middleware.
           - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
 
     ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: IngressRoute
     metadata:
       name: ingressroutebar
@@ -281,7 +281,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
     ```yaml tab="K8s IngressRoute"
     # The definitions below require the definitions for the TLSOption and IngressRoute kinds.
     # https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: TLSOption
     metadata:
       name: mytlsoption
@@ -297,7 +297,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
 	    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 
     ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: IngressRoute
     metadata:
       name: ingressroutebar
@@ -443,7 +443,7 @@ To apply a redirection:
     ```
 
     ```yaml tab="K8s IngressRoute"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: IngressRoute
     metadata:
       name: http-redirect-ingressroute
@@ -461,7 +461,7 @@ To apply a redirection:
             - name: https-redirect
 
     ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: IngressRoute
     metadata:
       name: https-ingressroute
@@ -478,7 +478,7 @@ To apply a redirection:
       tls: {}
 
     ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: Middleware
     metadata:
       name: https-redirect
@@ -597,7 +597,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
 
     ```yaml tab="Kubernetes IngressRoute"
     ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: IngressRoute
     metadata:
       name: http-redirect-ingressroute
@@ -614,7 +614,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
           middlewares:
             - name: admin-stripprefix
     ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: Middleware
     metadata:
       name: admin-stripprefix

docs/content/migration/v2.md

@@ -65,13 +65,18 @@ rules:
     verbs:
       - update
   - apiGroups:
+      - traefik.io
       - traefik.containo.us
     resources:
       - middlewares
+      - middlewaretcps
       - ingressroutes
       - traefikservices
       - ingressroutetcps
+      - ingressrouteudps
       - tlsoptions
+      - tlsstores
+      - serverstransports
     verbs:
       - get
       - list
@@ -167,17 +172,18 @@ rules:
       - traefik.containo.us
     resources:
       - middlewares
+      - middlewaretcps
       - ingressroutes
       - traefikservices
       - ingressroutetcps
       - ingressrouteudps
       - tlsoptions
       - tlsstores
+      - serverstransports
     verbs:
       - get
       - list
       - watch
-
 ```
 
 After having both resources applied, Traefik will work properly.
@@ -444,8 +450,8 @@ To enable HTTP/3 on an EntryPoint, please check out the [HTTP/3 configuration](.
 
 ### Kubernetes Gateway API Provider
 
-In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/getting-started/) of the specification and 
+In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/) of the specification and 
-[route namespaces](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.RouteNamespaces) selectors, which requires Traefik to fetch and watch the cluster namespaces.
+[route namespaces](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1beta1.RouteNamespaces) selectors, which requires Traefik to fetch and watch the cluster namespaces.
 Therefore, the [RBAC](../reference/dynamic-configuration/kubernetes-gateway.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-gateway.md#definitions) definitions must be updated.
 
 ## v2.6.0 to v2.6.1
@@ -490,3 +496,30 @@ In `v2.8.2`, Traefik now reject certificates signed with the SHA-1 hash function
 ### Traefik Pilot
 
 In `v2.9`, Traefik Pilot support has been removed.
+
+## v2.10
+
+### Nomad Namespace
+
+In `v2.10`, the `namespace` option of the Nomad provider is deprecated, please use the `namespaces` options instead.
+
+### Kubernetes CRDs
+
+In `v2.10`, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
+
+As the Kubernetes CRD provider still works with both API Versions (`traefik.io/v1alpha1` and `traefik.containo.us/v1alpha1`),
+it means that for the same kind, namespace and name, the provider will only keep the `traefik.io/v1alpha1` resource.
+
+In addition, the Kubernetes CRDs API Version `traefik.io/v1alpha1` will not be supported in Traefik v3 itself.
+
+Please note that it is a requirement to update the CRDs and the RBAC in the cluster before upgrading Traefik.
+To do so, please apply the required [CRDs](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml) and [RBAC](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml) manifests for v2.10:
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+```
+
+### Traefik Hub
+
+In `v2.10`, Traefik Hub is GA and the `experimental.hub` flag is deprecated.

docs/content/observability/access-logs.md

@@ -254,7 +254,7 @@ version: "3.7"
 
 services:
   traefik:
-    image: traefik:v2.9
+    image: traefik:v2.10
     environment:
       - TZ=US/Alaska
     command:

docs/content/observability/logs.md

@@ -64,7 +64,9 @@ log:
 
 #### `level`
 
-By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
+By default, the `level` is set to `ERROR`.
+
+Alternative logging levels are `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, and `PANIC`.
 
 ```yaml tab="File (YAML)"
 log:

docs/content/observability/metrics/overview.md

@@ -1,11 +1,11 @@
 ---
 title: "Traefik Metrics Overview"
-description: "Traefik Proxy supports four metrics backend systems: Datadog, InfluxDB, Prometheus, and StatsD. Read the full documentation to get started."
+description: "Traefik Proxy supports these metrics backend systems: Datadog, InfluxDB, Prometheus, and StatsD. Read the full documentation to get started."
 ---
 
 # Metrics
 
-Traefik supports 4 metrics backends:
+Traefik supports these metrics backends:
 
 - [Datadog](./datadog.md)
 - [InfluxDB](./influxdb.md)
@@ -15,569 +15,188 @@ Traefik supports 4 metrics backends:
 
 ## Global Metrics
 
-| Metric                                                                  | DataDog | InfluxDB / InfluxDB2 | Prometheus | StatsD |
+| Metric                                      | Type    | Description                                             |
-|-------------------------------------------------------------------------|---------|----------------------|------------|--------|
+|---------------------------------------------|---------|---------------------------------------------------------|
-| [Configuration reloads](#configuration-reloads)                         | ✓       | ✓                    | ✓          | ✓      |
+| Config reload total                         | Count   | The total count of configuration reloads.               |
-| [Last Configuration Reload Success](#last-configuration-reload-success) | ✓       | ✓                    | ✓          | ✓      |
+| Config reload last success                  | Gauge   | The timestamp of the last configuration reload success. |
-| [TLS certificates expiration](#tls-certificates-expiration)             | ✓       | ✓                    | ✓          | ✓      |
+| TLS certificates not after                  | Gauge   | The expiration date of certificates.                    |
 
-### Configuration Reloads
+```prom tab="Prometheus"
-
+traefik_config_reloads_total
-The total count of configuration reloads.
+traefik_config_last_reload_success
+traefik_tls_certs_not_after
+```
 
 ```dd tab="Datadog"
 config.reload.total
+config.reload.lastSuccessTimestamp
+tls.certs.notAfterTimestamp
 ```
 
 ```influxdb tab="InfluxDB / InfluxDB2"
 traefik.config.reload.total
-```
+traefik.config.reload.lastSuccessTimestamp
-
+traefik.tls.certs.notAfterTimestamp
-```prom tab="Prometheus"
-traefik_config_reloads_total
 ```
 
 ```statsd tab="StatsD"
 # Default prefix: "traefik"
 {prefix}.config.reload.total
-```
-
-### Last Configuration Reload Success
-
-The timestamp of the last configuration reload success.
-
-```dd tab="Datadog"
-config.reload.lastSuccessTimestamp
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.config.reload.lastSuccessTimestamp
-```
-
-```prom tab="Prometheus"
-traefik_config_last_reload_success
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.config.reload.lastSuccessTimestamp
-```
-
-### TLS certificates expiration
-
-The expiration date of certificates.
-
-[Labels](#labels): `cn`, `sans`, `serial`.
-
-```dd tab="Datadog"
-tls.certs.notAfterTimestamp
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.tls.certs.notAfterTimestamp
-```
-
-```prom tab="Prometheus"
-traefik_tls_certs_not_after
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.tls.certs.notAfterTimestamp
 ```
 
 ## EntryPoint Metrics
 
-| Metric                                                    | DataDog | InfluxDB / InfluxDB2 | Prometheus | StatsD |
+| Metric                | Type      | [Labels](#labels)                          | Description                                                         |
-|-----------------------------------------------------------|---------|----------------------|------------|--------|
+|-----------------------|-----------|--------------------------------------------|---------------------------------------------------------------------|
-| [HTTP Requests Count](#http-requests-count)               | ✓       | ✓                    | ✓          | ✓      |
+| Requests total        | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
-| [HTTPS Requests Count](#https-requests-count)             | ✓       | ✓                    | ✓          | ✓      |
+| Requests TLS total    | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
-| [Request Duration Histogram](#request-duration-histogram) | ✓       | ✓                    | ✓          | ✓      |
+| Request duration      | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
-| [Open Connections Count](#open-connections-count)         | ✓       | ✓                    | ✓          | ✓      |
+| Open connections      | Count     | `method`, `protocol`, `entrypoint`         | The current count of open connections on an entrypoint.             |
-| [Requests Bytes Count](#requests-bytes-count)             | ✓       | ✓                    | ✓          | ✓      |
+| Requests bytes total  | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
-| [Responses Bytes Count](#responses-bytes-count)           | ✓       | ✓                    | ✓          | ✓      |
+| Responses bytes total | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
 
-### HTTP Requests Count
+```prom tab="Prometheus"
-
+traefik_entrypoint_requests_total
-The total count of HTTP requests received by an entrypoint.
+traefik_entrypoint_requests_tls_total
-
+traefik_entrypoint_request_duration_seconds
-[Labels](#labels): `code`, `method`, `protocol`, `entrypoint`.
+traefik_entrypoint_open_connections
+traefik_entrypoint_requests_bytes_total
+traefik_entrypoint_responses_bytes_total
+```
 
 ```dd tab="Datadog"
 entrypoint.request.total
+entrypoint.request.tls.total
+entrypoint.request.duration
+entrypoint.connections.open
+entrypoint.requests.bytes.total
+entrypoint.responses.bytes.total
 ```
 
 ```influxdb tab="InfluxDB / InfluxDB2"
 traefik.entrypoint.requests.total
-```
+traefik.entrypoint.requests.tls.total
-
+traefik.entrypoint.request.duration
-```prom tab="Prometheus"
+traefik.entrypoint.connections.open
-traefik_entrypoint_requests_total
+traefik.entrypoint.requests.bytes.total
+traefik.entrypoint.responses.bytes.total
 ```
 
 ```statsd tab="StatsD"
 # Default prefix: "traefik"
 {prefix}.entrypoint.request.total
-```
-
-### HTTPS Requests Count
-
-The total count of HTTPS requests received by an entrypoint.
-
-[Labels](#labels): `tls_version`, `tls_cipher`, `entrypoint`.
-
-```dd tab="Datadog"
-entrypoint.request.tls.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.entrypoint.requests.tls.total
-```
-
-```prom tab="Prometheus"
-traefik_entrypoint_requests_tls_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.entrypoint.request.tls.total
-```
-
-### Request Duration Histogram
-
-Request processing duration histogram on an entrypoint.
-
-[Labels](#labels): `code`, `method`, `protocol`, `entrypoint`.
-
-```dd tab="Datadog"
-entrypoint.request.duration
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.entrypoint.request.duration
-```
-
-```prom tab="Prometheus"
-traefik_entrypoint_request_duration_seconds
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.entrypoint.request.duration
-```
-
-### Open Connections Count
-
-The current count of open connections on an entrypoint.
-
-[Labels](#labels): `method`, `protocol`, `entrypoint`.
-
-```dd tab="Datadog"
-entrypoint.connections.open
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.entrypoint.connections.open
-```
-
-```prom tab="Prometheus"
-traefik_entrypoint_open_connections
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.entrypoint.connections.open
-```
-
-### Requests Bytes Count
-
-The total size of HTTP requests in bytes handled by an entrypoint.
-
-[Labels](#labels): `code`, `method`, `protocol`, `entrypoint`.
-
-```dd tab="Datadog"
-entrypoint.requests.bytes.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.entrypoint.requests.bytes.total
-```
-
-```prom tab="Prometheus"
-traefik_entrypoint_requests_bytes_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.entrypoint.requests.bytes.total
-```
-
-### Responses Bytes Count
-
-The total size of HTTP responses in bytes handled by an entrypoint.
-
-[Labels](#labels): `code`, `method`, `protocol`, `entrypoint`.
-
-```dd tab="Datadog"
-entrypoint.responses.bytes.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.entrypoint.responses.bytes.total
-```
-
-```prom tab="Prometheus"
-traefik_entrypoint_responses_bytes_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.entrypoint.responses.bytes.total
 ```
 
 ## Router Metrics
 
-| Metric                                                      | DataDog | InfluxDB / InfluxDB2 | Prometheus | StatsD |
+| Metric                | Type      | [Labels](#labels)                                 | Description                                                    |
-|-------------------------------------------------------------|---------|----------------------|------------|--------|
+|-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------|
-| [HTTP Requests Count](#http-requests-count_1)               | ✓       | ✓                    | ✓          | ✓      |
+| Requests total        | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
-| [HTTPS Requests Count](#https-requests-count_1)             | ✓       | ✓                    | ✓          | ✓      |
+| Requests TLS total    | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
-| [Request Duration Histogram](#request-duration-histogram_1) | ✓       | ✓                    | ✓          | ✓      |
+| Request duration      | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
-| [Open Connections Count](#open-connections-count_1)         | ✓       | ✓                    | ✓          | ✓      |
+| Open connections      | Count     | `method`, `protocol`, `router`, `service`         | The current count of open connections on a router.             |
-| [Requests Bytes Count](#requests-bytes-count_1)             | ✓       | ✓                    | ✓          | ✓      |
+| Requests bytes total  | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
-| [Responses Bytes Count](#responses-bytes-count_1)           | ✓       | ✓                    | ✓          | ✓      |
+| Responses bytes total | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
 
-### HTTP Requests Count
+```prom tab="Prometheus"
-
+traefik_router_requests_total
-The total count of HTTP requests handled by a router.
+traefik_router_requests_tls_total
-
+traefik_router_request_duration_seconds
-[Labels](#labels): `code`, `method`, `protocol`, `router`, `service`.
+traefik_router_open_connections
+traefik_router_requests_bytes_total
+traefik_router_responses_bytes_total
+```
 
 ```dd tab="Datadog"
 router.request.total
+router.request.tls.total
+router.request.duration
+router.connections.open
+router.requests.bytes.total
+router.responses.bytes.total
 ```
 
 ```influxdb tab="InfluxDB / InfluxDB2"
 traefik.router.requests.total
-```
+traefik.router.requests.tls.total
-
+traefik.router.request.duration
-```prom tab="Prometheus"
+traefik.router.connections.open
-traefik_router_requests_total
+traefik.router.requests.bytes.total
+traefik.router.responses.bytes.total
 ```
 
 ```statsd tab="StatsD"
 # Default prefix: "traefik"
 {prefix}.router.request.total
-```
-
-### HTTPS Requests Count
-
-The total count of HTTPS requests handled by a router.
-
-[Labels](#labels): `tls_version`, `tls_cipher`, `router`, `service`.
-
-```dd tab="Datadog"
-router.request.tls.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.router.requests.tls.total
-```
-
-```prom tab="Prometheus"
-traefik_router_requests_tls_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.router.request.tls.total
-```
-
-### Request Duration Histogram
-
-Request processing duration histogram on a router.
-
-[Labels](#labels): `code`, `method`, `protocol`, `router`, `service`.
-
-```dd tab="Datadog"
-router.request.duration
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.router.request.duration
-```
-
-```prom tab="Prometheus"
-traefik_router_request_duration_seconds
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.router.request.duration
-```
-
-### Open Connections Count
-
-The current count of open connections on a router.
-
-[Labels](#labels): `method`, `protocol`, `router`, `service`.
-
-```dd tab="Datadog"
-router.connections.open
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.router.connections.open
-```
-
-```prom tab="Prometheus"
-traefik_router_open_connections
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.router.connections.open
-```
-
-### Requests Bytes Count
-
-The total size of HTTP requests in bytes handled by a router.
-
-[Labels](#labels): `code`, `method`, `protocol`, `router`, `service`.
-
-```dd tab="Datadog"
-router.requests.bytes.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.router.requests.bytes.total
-```
-
-```prom tab="Prometheus"
-traefik_router_requests_bytes_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.router.requests.bytes.total
-```
-
-### Responses Bytes Count
-
-The total size of HTTP responses in bytes handled by a router.
-
-[Labels](#labels): `code`, `method`, `protocol`, `router`, `service`.
-
-```dd tab="Datadog"
-router.responses.bytes.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.router.responses.bytes.total
-```
-
-```prom tab="Prometheus"
-traefik_router_responses_bytes_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.router.responses.bytes.total
 ```
 
 ## Service Metrics
 
-| Metric                                                      | DataDog | InfluxDB / InfluxDB2 | Prometheus | StatsD |
+| Metric                | Type      | Labels                                  | Description                                                 |
-|-------------------------------------------------------------|---------|----------------------|------------|--------|
+|-----------------------|-----------|-----------------------------------------|-------------------------------------------------------------|
-| [HTTP Requests Count](#http-requests-count_2)               | ✓       | ✓                    | ✓          | ✓      |
+| Requests total        | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
-| [HTTPS Requests Count](#https-requests-count_2)             | ✓       | ✓                    | ✓          | ✓      |
+| Requests TLS total    | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
-| [Request Duration Histogram](#request-duration-histogram_2) | ✓       | ✓                    | ✓          | ✓      |
+| Request duration      | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
-| [Open Connections Count](#open-connections-count_2)         | ✓       | ✓                    | ✓          | ✓      |
+| Open connections      | Count     | `method`, `protocol`, `service`         | The current count of open connections on a service.         |
-| [Requests Retries Count](#requests-retries-count)           | ✓       | ✓                    | ✓          | ✓      |
+| Retries total         | Count     | `service`                               | The count of requests retries on a service.                 |
-| [Service Server UP](#service-server-up)                     | ✓       | ✓                    | ✓          | ✓      |
+| Server UP             | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up.  |
-| [Requests Bytes Count](#requests-bytes-count_2)             | ✓       | ✓                    | ✓          | ✓      |
+| Requests bytes total  | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
-| [Responses outgoing traffic](#responses-bytes-count_2)      | ✓       | ✓                    | ✓          | ✓      |
+| Responses bytes total | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
 
-### HTTP Requests Count
+```prom tab="Prometheus"
-
+traefik_service_requests_total
-The total count of HTTP requests processed on a service.
+traefik_service_requests_tls_total
-
+traefik_service_request_duration_seconds
-[Labels](#labels): `code`, `method`, `protocol`, `service`.
+traefik_service_open_connections
+traefik_service_retries_total
+traefik_service_server_up
+traefik_service_requests_bytes_total
+traefik_service_responses_bytes_total
+```
 
 ```dd tab="Datadog"
 service.request.total
+router.service.tls.total
+service.request.duration
+service.connections.open
+service.retries.total
+service.server.up
+service.requests.bytes.total
+service.responses.bytes.total
 ```
 
 ```influxdb tab="InfluxDB / InfluxDB2"
 traefik.service.requests.total
-```
+traefik.service.requests.tls.total
-
+traefik.service.request.duration
-```prom tab="Prometheus"
+traefik.service.connections.open
-traefik_service_requests_total
+traefik.service.retries.total
+traefik.service.server.up
+traefik.service.requests.bytes.total
+traefik.service.responses.bytes.total
 ```
 
 ```statsd tab="StatsD"
 # Default prefix: "traefik"
 {prefix}.service.request.total
-```
-
-### HTTPS Requests Count
-
-The total count of HTTPS requests processed on a service.
-
-[Labels](#labels): `tls_version`, `tls_cipher`, `service`.
-
-```dd tab="Datadog"
-router.service.tls.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.service.requests.tls.total
-```
-
-```prom tab="Prometheus"
-traefik_service_requests_tls_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.service.request.tls.total
-```
-
-### Request Duration Histogram
-
-Request processing duration histogram on a service.
-
-[Labels](#labels): `code`, `method`, `protocol`, `service`.
-
-```dd tab="Datadog"
-service.request.duration
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.service.request.duration
-```
-
-```prom tab="Prometheus"
-traefik_service_request_duration_seconds
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.service.request.duration
-```
-
-### Open Connections Count
-
-The current count of open connections on a service.
-
-[Labels](#labels): `method`, `protocol`, `service`.
-
-```dd tab="Datadog"
-service.connections.open
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.service.connections.open
-```
-
-```prom tab="Prometheus"
-traefik_service_open_connections
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.service.connections.open
-```
-
-### Requests Retries Count
-
-The count of requests retries on a service.
-
-[Labels](#labels): `service`.
-
-```dd tab="Datadog"
-service.retries.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.service.retries.total
-```
-
-```prom tab="Prometheus"
-traefik_service_retries_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.service.retries.total
-```
-
-### Service Server UP
-
-Current service's server status, described by a gauge with a value of 0 for a down server or a value of 1 for an up server.
-
-[Labels](#labels): `service`, `url`.
-
-```dd tab="Datadog"
-service.server.up
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.service.server.up
-```
-
-```prom tab="Prometheus"
-traefik_service_server_up
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.service.server.up
-```
-
-### Requests Bytes Count
-
-The total size of requests in bytes received by a service.
-
-[Labels](#labels): `code`, `method`, `protocol`, `service`.
-
-```dd tab="Datadog"
-service.requests.bytes.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.service.requests.bytes.total
-```
-
-```prom tab="Prometheus"
-traefik_service_requests_bytes_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.service.requests.bytes.total
-```
-
-### Responses Bytes Count
-
-The total size of responses in bytes returned by a service.
-
-[Labels](#labels): `code`, `method`, `protocol`, `service`.
-
-```dd tab="Datadog"
-service.responses.bytes.total
-```
-
-```influxdb tab="InfluxDB / InfluxDB2"
-traefik.service.responses.bytes.total
-```
-
-```prom tab="Prometheus"
-traefik_service_responses_bytes_total
-```
-
-```statsd tab="StatsD"
-# Default prefix: "traefik"
 {prefix}.service.responses.bytes.total
 ```
 

docs/content/observability/metrics/prometheus.md

@@ -165,3 +165,66 @@ metrics:
 ```bash tab="CLI"
 --metrics.prometheus.manualrouting=true
 ```
+
+#### `headerLabels`
+
+_Optional_
+
+Defines the extra labels for the `requests_total` metrics, and for each of them, the request header containing the value for this label.
+Please note that if the header is not present in the request it will be added nonetheless with an empty value.
+In addition, the label should be a valid label name for Prometheus metrics, 
+otherwise, the Prometheus metrics provider will fail to serve any Traefik-related metric.
+
+```yaml tab="File (YAML)"
+metrics:
+  prometheus:
+    headerLabels:
+      label: headerKey
+```
+
+```toml tab="File (TOML)"
+[metrics]
+  [metrics.prometheus]
+    [metrics.prometheus.headerLabels]
+      label = "headerKey"
+```
+
+```bash tab="CLI"
+--metrics.prometheus.headerlabels.label=headerKey
+```
+
+##### Example
+
+Here is an example of the entryPoint `requests_total` metric with an additional "useragent" label.
+
+When configuring the label in Static Configuration:
+
+```yaml tab="File (YAML)"
+metrics:
+  prometheus:
+    headerLabels:
+      useragent: User-Agent
+```
+
+```toml tab="File (TOML)"
+[metrics]
+  [metrics.prometheus]
+    [metrics.prometheus.headerLabels]
+      useragent = "User-Agent"
+```
+
+```bash tab="CLI"
+--metrics.prometheus.headerlabels.useragent=User-Agent
+```
+
+And performing a request with a custom User-Agent:
+
+```bash
+curl -H "User-Agent: foobar" http://localhost
+```
+
+The following metric is produced :
+
+```bash
+traefik_entrypoint_requests_total{code="200",entrypoint="web",method="GET",protocol="http",useragent="foobar"} 1
+```

docs/content/observability/tracing/datadog.md

@@ -23,24 +23,46 @@ tracing:
 
 #### `localAgentHostPort`
 
-_Required, Default="127.0.0.1:8126"_
+_Optional, Default="localhost:8126"_
 
 Local Agent Host Port instructs the reporter to send spans to the Datadog Agent at this address (host:port).
 
 ```yaml tab="File (YAML)"
 tracing:
   datadog:
-    localAgentHostPort: 127.0.0.1:8126
+    localAgentHostPort: localhost:8126
 ```
 
 ```toml tab="File (TOML)"
 [tracing]
   [tracing.datadog]
-    localAgentHostPort = "127.0.0.1:8126"
+    localAgentHostPort = "localhost:8126"
 ```
 
 ```bash tab="CLI"
---tracing.datadog.localAgentHostPort=127.0.0.1:8126
+--tracing.datadog.localAgentHostPort=localhost:8126
+```
+
+#### `localAgentSocket`
+
+_Optional, Default=""_
+
+Local Agent Socket instructs the reporter to send spans to the Datadog Agent at this UNIX socket.
+
+```yaml tab="File (YAML)"
+tracing:
+  datadog:
+    localAgentSocket: /var/run/datadog/apm.socket
+```
+
+```toml tab="File (TOML)"
+[tracing]
+  [tracing.datadog]
+    localAgentSocket = "/var/run/datadog/apm.socket"
+```
+
+```bash tab="CLI"
+--tracing.datadog.localAgentSocket=/var/run/datadog/apm.socket
 ```
 
 #### `debug`

docs/content/operations/dashboard.md

@@ -93,12 +93,12 @@ rule = "Host(`traefik.example.com`)"
 
 ```bash tab="Path Prefix Rule"
 # The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
-rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
+rule = "PathPrefix(`/api`, `/dashboard`)"
 ```
 
 ```bash tab="Combination of Rules"
 # The dashboard can be accessed on http://traefik.example.com/dashboard/
-rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+rule = "Host(`traefik.example.com`) && PathPrefix(`/api`, `/dashboard`)"
 ```
 
 ??? example "Dashboard Dynamic Configuration Examples"

docs/content/operations/include-api-examples.md

@@ -20,7 +20,7 @@ deploy:
 ```
 
 ```yaml tab="Kubernetes CRD"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: traefik-dashboard
@@ -34,7 +34,7 @@ spec:
     middlewares:
       - name: auth
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: auth

docs/content/operations/include-dashboard-examples.md

@@ -20,7 +20,7 @@ deploy:
 ```
 
 ```yaml tab="Kubernetes CRD"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: traefik-dashboard
@@ -34,7 +34,7 @@ spec:
     middlewares:
       - name: auth
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: auth

docs/content/providers/docker.md

@@ -95,7 +95,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
 ## Routing Configuration
 
 When using Docker as a [provider](./overview.md),
-Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.
+Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#label) to retrieve its routing configuration.
 
 See the list of labels in the dedicated [routing](../routing/providers/docker.md) section.
 
@@ -265,7 +265,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
 
     services:
       traefik:
-         image: traefik:v2.9 # The official v2 Traefik docker image
+         image: traefik:v2.10 # The official v2 Traefik docker image
          ports:
            - "80:80"
          volumes:
@@ -440,10 +440,11 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
 
 The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
 
-It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
+It must be a valid [Go template](https://pkg.go.dev/text/template/),
-[sprig template functions](https://masterminds.github.io/sprig/).
+and can use [sprig template functions](https://masterminds.github.io/sprig/).
-The container service name can be accessed with the `Name` identifier,
+The container name can be accessed with the `ContainerName` identifier.
-and the template has access to all the labels defined on this container.
+The service name can be accessed with the `Name` identifier.
+The template has access to all the labels defined on this container with the `Labels` identifier.
 
 ```yaml tab="File (YAML)"
 providers:
@@ -539,7 +540,7 @@ providers:
 
 _Optional, Default=true_
 
-Watch Docker Swarm events.
+Watch Docker events.
 
 ```yaml tab="File (YAML)"
 providers:

docs/content/providers/ecs.md

@@ -70,7 +70,7 @@ _Optional, Default=false_
 
 Search for services in cluster list.
 
-- If set to `true` service discovery is disabled on configured clusters, but enabled for all other clusters.
+- If set to `true` service discovery is enabled for all clusters.
 - If set to `false` service discovery is enabled on configured clusters only.
 
 ```yaml tab="File (YAML)"
@@ -123,6 +123,7 @@ providers:
 _Optional, Default=["default"]_
 
 Search for services in cluster list.
+This option is ignored if `autoDiscoverClusters` is set to `true`.
 
 ```yaml tab="File (YAML)"
 providers:
@@ -169,6 +170,70 @@ providers:
 # ...
 ```
 
+### `constraints`
+
+_Optional, Default=""_
+
+The `constraints` option can be set to an expression that Traefik matches against the container labels (task),
+to determine whether to create any route for that container. 
+If none of the container labels match the expression, no route for that container is created. 
+If the expression is empty, all detected containers are included.
+
+The expression syntax is based on the `Label("key", "value")`, and `LabelRegex("key", "value")` functions,
+as well as the usual boolean logic, as shown in examples below.
+
+??? example "Constraints Expression Examples"
+
+    ```toml
+    # Includes only containers having a label with key `a.label.name` and value `foo`
+    constraints = "Label(`a.label.name`, `foo`)"
+    ```
+
+    ```toml
+    # Excludes containers having any label with key `a.label.name` and value `foo`
+    constraints = "!Label(`a.label.name`, `value`)"
+    ```
+
+    ```toml
+    # With logical AND.
+    constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
+    ```
+
+    ```toml
+    # With logical OR.
+    constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
+    ```
+
+    ```toml
+    # With logical AND and OR, with precedence set by parentheses.
+    constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
+    ```
+
+    ```toml
+    # Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
+    constraints = "LabelRegex(`a.label.name`, `a.+`)"
+    ```
+
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+
+```yaml tab="File (YAML)"
+providers:
+  ecs:
+    constraints: "Label(`a.label.name`,`foo`)"
+    # ...
+```
+
+```toml tab="File (TOML)"
+[providers.ecs]
+  constraints = "Label(`a.label.name`,`foo`)"
+  # ...
+```
+
+```bash tab="CLI"
+--providers.ecs.constraints=Label(`a.label.name`,`foo`)
+# ...
+```
+
 ### `defaultRule`
 
 _Optional, Default=```Host(`{{ normalize .Name }}`)```_

docs/content/providers/kubernetes-crd.md

@@ -35,10 +35,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
 
     ```bash
     # Install Traefik Resource Definitions:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
     
     # Install RBAC for Traefik:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
     ```
 
 ## Resource Configuration

docs/content/providers/kubernetes-gateway.md

@@ -78,7 +78,7 @@ This provider is proposed as an experimental feature and partially supports the
 
 The Kubernetes Gateway API project provides several guides on how to use the APIs.
 These guides can help you to go further than the example above.
-The [getting started guide](https://gateway-api.sigs.k8s.io/v1alpha2/guides/getting-started/) details how to install the CRDs from their repository.
+The [getting started guide](https://gateway-api.sigs.k8s.io/v1alpha2/guides/) details how to install the CRDs from their repository.
 
 !!! note ""
 

docs/content/providers/kubernetes-ingress.md

@@ -374,7 +374,7 @@ providers:
 
 _Optional, Default: ""_
 
-IP used for Kubernetes Ingress endpoints.
+This IP will get copied to Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6).
 
 ```yaml tab="File (YAML)"
 providers:
@@ -398,7 +398,9 @@ providers:
 
 _Optional, Default: ""_
 
-Published Kubernetes Service to copy status from.
+The Kubernetes service to copy status from.
+When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the ingresses.
+
 Format: `namespace/servicename`.
 
 ```yaml tab="File (YAML)"
@@ -500,6 +502,6 @@ providers:
 ### Further
 
 To learn more about the various aspects of the Ingress specification that Traefik supports,
-many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.8/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.10/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
 
 {!traefik-for-business-applications.md!}

docs/content/providers/nomad.md

@@ -442,24 +442,65 @@ For additional information, refer to [Restrict the Scope of Service Discovery](.
 
 ### `namespace`
 
+??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
+
+    _Optional, Default=""_
+
+    The `namespace` option defines the namespace in which the Nomad services will be discovered.
+    
+    !!! warning
+    
+        One should only define either the `namespaces` option or the `namespace` option.
+
+    ```yaml tab="File (YAML)"
+    providers:
+      nomad:
+        namespace: "production"
+        # ...
+    ```
+
+    ```toml tab="File (TOML)"
+    [providers.nomad]
+      namespace = "production"
+      # ...
+    ```
+
+    ```bash tab="CLI"
+    --providers.nomad.namespace=production
+    # ...
+    ```
+
+### `namespaces`
+
 _Optional, Default=""_
 
-The `namespace` option defines the namespace in which the Nomad services will be discovered.
+The `namespaces` option defines the namespaces in which the nomad services will be discovered.
+When using the `namespaces` option, the discovered object names will be suffixed as shown below:
+
+```text
+<resource-name>@nomad-<namespace>
+```
+
+!!! warning
+  
+    One should only define either the `namespaces` option or the `namespace` option.
 
 ```yaml tab="File (YAML)"
 providers:
   nomad:
-    namespace: "production"
+    namespaces:
+      - "ns1"
+      - "ns2"
     # ...
 ```
 
 ```toml tab="File (TOML)"
 [providers.nomad]
-  namespace = "production"
+  namespaces = ["ns1", "ns2"]
   # ...
 ```
 
 ```bash tab="CLI"
---providers.nomad.namespace=production
+--providers.nomad.namespaces=ns1,ns2
 # ...
 ```

docs/content/providers/overview.md

@@ -82,7 +82,7 @@ For the list of the providers names, see the [supported providers](#supported-pr
     ```
 
     ```yaml tab="Kubernetes Ingress Route"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: IngressRoute
     metadata:
       name: ingressroutestripprefix
@@ -104,7 +104,7 @@ For the list of the providers names, see the [supported providers](#supported-pr
     ```
 
     ```yaml tab="Kubernetes Ingress"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
     kind: Middleware
     metadata:
       name: stripprefix
@@ -213,6 +213,7 @@ you can do so in two different ways:
 List of providers that support these features:
 
 - [Docker](./docker.md#exposedbydefault)
+- [ECS](./ecs.md#exposedbydefault)
 - [Consul Catalog](./consul-catalog.md#exposedbydefault)
 - [Nomad](./nomad.md#exposedbydefault)
 - [Rancher](./rancher.md#exposedbydefault)
@@ -223,6 +224,7 @@ List of providers that support these features:
 List of providers that support constraints:
 
 - [Docker](./docker.md#constraints)
+- [ECS](./ecs.md#constraints)
 - [Consul Catalog](./consul-catalog.md#constraints)
 - [Nomad](./nomad.md#constraints)
 - [Rancher](./rancher.md#constraints)

docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1beta1.yml

@@ -1,10 +1,10 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: ingressroutes.traefik.containo.us
+  name: ingressroutes.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: IngressRoute
@@ -16,10 +16,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: middlewares.traefik.containo.us
+  name: middlewares.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: Middleware
@@ -31,10 +31,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: middlewaretcps.traefik.containo.us
+  name: middlewaretcps.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: MiddlewareTCP
@@ -46,10 +46,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: ingressroutetcps.traefik.containo.us
+  name: ingressroutetcps.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: IngressRouteTCP
@@ -61,10 +61,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: ingressrouteudps.traefik.containo.us
+  name: ingressrouteudps.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: IngressRouteUDP
@@ -76,10 +76,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: tlsoptions.traefik.containo.us
+  name: tlsoptions.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: TLSOption
@@ -91,10 +91,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: tlsstores.traefik.containo.us
+  name: tlsstores.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: TLSStore
@@ -106,10 +106,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: traefikservices.traefik.containo.us
+  name: traefikservices.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: TraefikService
@@ -121,10 +121,10 @@ spec:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: serverstransports.traefik.containo.us
+  name: serverstransports.traefik.io
 
 spec:
-  group: traefik.containo.us
+  group: traefik.io
   version: v1alpha1
   names:
     kind: ServersTransport

docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml

@@ -32,6 +32,7 @@ rules:
     verbs:
       - update
   - apiGroups:
+      - traefik.io
       - traefik.containo.us
     resources:
       - middlewares

docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml

@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TraefikService
 metadata:
   name: wrr2
@@ -17,7 +17,7 @@ spec:
         port: 80
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TraefikService
 metadata:
   name: wrr1
@@ -34,7 +34,7 @@ spec:
         port: 80
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TraefikService
 metadata:
   name: mirror1
@@ -53,7 +53,7 @@ spec:
         percent: 20
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TraefikService
 metadata:
   name: mirror2
@@ -73,7 +73,7 @@ spec:
         port: 80
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: ingressroute
@@ -133,7 +133,7 @@ spec:
       namespace: default
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
   name: ingressroutetcp.crd
@@ -157,7 +157,7 @@ spec:
       namespace: default
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRouteUDP
 metadata:
   name: ingressrouteudp.crd
@@ -172,7 +172,7 @@ spec:
           port: 8080
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
   name: tlsoption
@@ -199,7 +199,7 @@ spec:
     - foobar
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: ServersTransport
 metadata:
   name: mytransport

docs/content/reference/dynamic-configuration/kubernetes-gateway-resource.yml

@@ -74,7 +74,7 @@ spec:
             value: /foo
 
       backendRefs:
-        - group: traefik.containo.us
+        - group: traefik.io
           kind: TraefikService
           name: myservice@file
           weight: 1

docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml

@@ -25,7 +25,7 @@ spec:
       serviceAccountName: traefik-controller
       containers:
         - name: traefik
-          image: traefik:v2.9
+          image: traefik:v2.10
           args:
             - --entrypoints.web.address=:80
             - --entrypoints.websecure.address=:443

docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml

@@ -39,7 +39,7 @@ spec:
               entryPoints:
                 description: 'EntryPoints defines the list of entry point names to
                   bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
                   Default: all.'
                 items:
                   type: string
@@ -56,11 +56,11 @@ spec:
                       - Rule
                       type: string
                     match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
                       type: string
                     middlewares:
                       description: 'Middlewares defines the list of references to
-                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware'
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
                       items:
                         description: MiddlewareRef is a reference to a Middleware
                           resource.
@@ -79,7 +79,7 @@ spec:
                       type: array
                     priority:
                       description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority'
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
                       type: integer
                     services:
                       description: Services defines the list of Service. It can contain
@@ -104,6 +104,13 @@ spec:
                             description: Namespace defines the namespace of the referenced
                               Kubernetes Service or TraefikService.
                             type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
                           passHostHeader:
                             description: PassHostHeader defines whether the client
                               Host header is forwarded to the upstream Kubernetes
@@ -145,7 +152,7 @@ spec:
                             type: string
                           sticky:
                             description: 'Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
                             properties:
                               cookie:
                                 description: Cookie defines the sticky cookie configuration.
@@ -190,16 +197,16 @@ spec:
                   type: object
                 type: array
               tls:
-                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls'
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
                 properties:
                   certResolver:
                     description: 'CertResolver defines the name of the certificate
                       resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
                     type: string
                   domains:
                     description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -217,15 +224,15 @@ spec:
                   options:
                     description: 'Options defines the reference to a TLSOption, that
                       specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
                     properties:
                       name:
                         description: 'Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
                         type: string
                       namespace:
                         description: 'Namespace defines the namespace of the referenced
-                          TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
                         type: string
                     required:
                     - name
@@ -241,11 +248,11 @@ spec:
                     properties:
                       name:
                         description: 'Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
                         type: string
                       namespace:
                         description: 'Namespace defines the namespace of the referenced
-                          TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
                         type: string
                     required:
                     - name

docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml

@@ -39,7 +39,7 @@ spec:
               entryPoints:
                 description: 'EntryPoints defines the list of entry point names to
                   bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
                   Default: all.'
                 items:
                   type: string
@@ -50,7 +50,7 @@ spec:
                   description: RouteTCP holds the TCP route configuration.
                   properties:
                     match:
-                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1'
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
                       type: string
                     middlewares:
                       description: Middlewares defines the list of references to MiddlewareTCP
@@ -73,7 +73,7 @@ spec:
                       type: array
                     priority:
                       description: 'Priority defines the router''s priority. More
-                        info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1'
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
                       type: integer
                     services:
                       description: Services defines the list of TCP services.
@@ -89,6 +89,13 @@ spec:
                             description: Namespace defines the namespace of the referenced
                               Kubernetes Service.
                             type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
                           port:
                             anyOf:
                             - type: integer
@@ -98,7 +105,7 @@ spec:
                             x-kubernetes-int-or-string: true
                           proxyProtocol:
                             description: 'ProxyProtocol defines the PROXY protocol
-                              configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol'
+                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
                             properties:
                               version:
                                 description: Version defines the PROXY Protocol version
@@ -129,16 +136,16 @@ spec:
                 type: array
               tls:
                 description: 'TLS defines the TLS configuration on a layer 4 / TCP
-                  Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1'
+                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
                 properties:
                   certResolver:
                     description: 'CertResolver defines the name of the certificate
                       resolver to use. Cert resolvers have to be configured in the
-                      static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
                     type: string
                   domains:
                     description: 'Domains defines the list of domains that will be
-                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -156,7 +163,7 @@ spec:
                   options:
                     description: 'Options defines the reference to a TLSOption, that
                       specifies the parameters of the TLS connection. If not defined,
-                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
                     properties:
                       name:
                         description: Name defines the name of the referenced Traefik

docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml

@@ -39,7 +39,7 @@ spec:
               entryPoints:
                 description: 'EntryPoints defines the list of entry point names to
                   bind to. Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
                   Default: all.'
                 items:
                   type: string
@@ -63,6 +63,13 @@ spec:
                             description: Namespace defines the namespace of the referenced
                               Kubernetes Service.
                             type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
                           port:
                             anyOf:
                             - type: integer

docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml

@@ -20,7 +20,7 @@ spec:
     schema:
       openAPIV3Schema:
         description: 'Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/'
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -40,7 +40,7 @@ spec:
               addPrefix:
                 description: 'AddPrefix holds the add prefix middleware configuration.
                   This middleware updates the path of a request before forwarding
-                  it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/'
+                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
                 properties:
                   prefix:
                     description: Prefix is the string to add before the current path
@@ -50,11 +50,11 @@ spec:
               basicAuth:
                 description: 'BasicAuth holds the basic auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/'
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
                 properties:
                   headerField:
                     description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
                     type: string
                   realm:
                     description: 'Realm allows the protected resources on a server
@@ -74,7 +74,7 @@ spec:
               buffering:
                 description: 'Buffering holds the buffering middleware configuration.
                   This middleware retries or limits the size of requests that can
-                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes'
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
                 properties:
                   maxRequestBodyBytes:
                     description: 'MaxRequestBodyBytes defines the maximum allowed
@@ -107,13 +107,13 @@ spec:
                   retryExpression:
                     description: 'RetryExpression defines the retry conditions. It
                       is a logical combination of functions with operators AND (&&)
-                      and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression'
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
                     type: string
                 type: object
               chain:
                 description: 'Chain holds the configuration of the chain middleware.
                   This middleware enables to define reusable combinations of other
-                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/'
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
                 properties:
                   middlewares:
                     description: Middlewares is the list of MiddlewareRef which composes
@@ -167,7 +167,7 @@ spec:
               compress:
                 description: 'Compress holds the compress middleware configuration.
                   This middleware compresses responses before sending them to the
-                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/'
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
                 properties:
                   excludedContentTypes:
                     description: ExcludedContentTypes defines the list of content
@@ -201,11 +201,11 @@ spec:
               digestAuth:
                 description: 'DigestAuth holds the digest auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/'
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
                 properties:
                   headerField:
                     description: 'HeaderField defines a header field to store the
-                      authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
                     type: string
                   realm:
                     description: 'Realm allows the protected resources on a server
@@ -224,7 +224,7 @@ spec:
               errors:
                 description: 'ErrorPage holds the custom error middleware configuration.
                   This middleware returns a custom page in lieu of the default, according
-                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/'
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
                 properties:
                   query:
                     description: Query defines the URL for the error page (hosted
@@ -233,7 +233,7 @@ spec:
                     type: string
                   service:
                     description: 'Service defines the reference to a Kubernetes Service
-                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service'
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
                     properties:
                       kind:
                         description: Kind defines the kind of the Service.
@@ -250,6 +250,13 @@ spec:
                         description: Namespace defines the namespace of the referenced
                           Kubernetes Service or TraefikService.
                         type: string
+                      nativeLB:
+                        description: NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if
+                          the only child is the Kubernetes Service clusterIP. The
+                          Kubernetes Service itself does load-balance to the pods.
+                          By default, NativeLB is false.
+                        type: boolean
                       passHostHeader:
                         description: PassHostHeader defines whether the client Host
                           header is forwarded to the upstream Kubernetes Service.
@@ -290,7 +297,7 @@ spec:
                         type: string
                       sticky:
                         description: 'Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
                         properties:
                           cookie:
                             description: Cookie defines the sticky cookie configuration.
@@ -339,7 +346,7 @@ spec:
               forwardAuth:
                 description: 'ForwardAuth holds the forward auth middleware configuration.
                   This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/'
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
                 properties:
                   address:
                     description: Address defines the authentication server address.
@@ -362,7 +369,7 @@ spec:
                     description: 'AuthResponseHeadersRegex defines the regex to match
                       headers to copy from the authentication server response and
                       set on forwarded request, after stripping all headers that match
-                      the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex'
+                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
                     type: string
                   tls:
                     description: TLS defines the configuration used to secure the
@@ -393,7 +400,7 @@ spec:
               headers:
                 description: 'Headers holds the headers middleware configuration.
                   This middleware manages the requests and responses headers. More
-                  info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders'
+                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
                 properties:
                   accessControlAllowCredentials:
                     description: AccessControlAllowCredentials defines whether the
@@ -554,7 +561,7 @@ spec:
               inFlightReq:
                 description: 'InFlightReq holds the in-flight request middleware configuration.
                   This middleware limits the number of requests being processed and
-                  served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/'
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
                 properties:
                   amount:
                     description: Amount defines the maximum amount of allowed simultaneous
@@ -568,11 +575,11 @@ spec:
                       group requests as originating from a common source. If several
                       strategies are defined at the same time, an error will be raised.
                       If none are set, the default is to use the requestHost. More
-                      info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion'
+                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -600,11 +607,11 @@ spec:
               ipWhiteList:
                 description: 'IPWhiteList holds the IP whitelist middleware configuration.
                   This middleware accepts / refuses requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
                 properties:
                   ipStrategy:
                     description: 'IPStrategy holds the IP strategy configuration used
-                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -628,7 +635,7 @@ spec:
               passTLSClientCert:
                 description: 'PassTLSClientCert holds the pass TLS client cert middleware
                   configuration. This middleware adds the selected data from the passed
-                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/'
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
                 properties:
                   info:
                     description: Info selects the specific client certificate details
@@ -723,7 +730,7 @@ spec:
                     type: object
                   pem:
                     description: PEM sets the X-Forwarded-Tls-Client-Cert header with
-                      the escaped certificate.
+                      the certificate.
                     type: boolean
                 type: object
               plugin:
@@ -735,7 +742,7 @@ spec:
               rateLimit:
                 description: 'RateLimit holds the rate limit configuration. This middleware
                   ensures that services will receive a fair amount of requests, and
-                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/'
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
                 properties:
                   average:
                     description: Average is the maximum rate, by default in requests/s,
@@ -768,7 +775,7 @@ spec:
                     properties:
                       ipStrategy:
                         description: 'IPStrategy holds the IP strategy configuration
-                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -796,7 +803,7 @@ spec:
               redirectRegex:
                 description: 'RedirectRegex holds the redirect regex middleware configuration.
                   This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex'
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -814,7 +821,7 @@ spec:
               redirectScheme:
                 description: 'RedirectScheme holds the redirect scheme middleware
                   configuration. This middleware redirects requests from a scheme/port
-                  to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/'
+                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -830,7 +837,7 @@ spec:
               replacePath:
                 description: 'ReplacePath holds the replace path middleware configuration.
                   This middleware replaces the path of the request URL and store the
-                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/'
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
                 properties:
                   path:
                     description: Path defines the path to use as replacement in the
@@ -840,7 +847,7 @@ spec:
               replacePathRegex:
                 description: 'ReplacePathRegex holds the replace path regex middleware
                   configuration. This middleware replaces the path of a URL using
-                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/'
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
                 properties:
                   regex:
                     description: Regex defines the regular expression used to match
@@ -856,7 +863,7 @@ spec:
                   middleware reissues requests a given number of times to a backend
                   server if that server does not reply. As soon as the server answers,
                   the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/'
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
                 properties:
                   attempts:
                     description: Attempts defines how many times the request should
@@ -876,7 +883,7 @@ spec:
               stripPrefix:
                 description: 'StripPrefix holds the strip prefix middleware configuration.
                   This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
                 properties:
                   forceSlash:
                     description: 'ForceSlash ensures that the resulting stripped path
@@ -893,7 +900,7 @@ spec:
               stripPrefixRegex:
                 description: 'StripPrefixRegex holds the strip prefix regex middleware
                   configuration. This middleware removes the matching prefixes from
-                  the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/'
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
                 properties:
                   regex:
                     description: Regex defines the regular expression to match the

docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml

@@ -20,7 +20,7 @@ spec:
     schema:
       openAPIV3Schema:
         description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/'
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation

docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml

@@ -22,7 +22,7 @@ spec:
         description: 'ServersTransport is the CRD implementation of a ServersTransport.
           If no serversTransport is specified, the default@internal will be used.
           The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1'
+          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation

docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml

@@ -21,7 +21,7 @@ spec:
       openAPIV3Schema:
         description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
           allowing to configure some parameters of the TLS connection. More info:
-          https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -41,13 +41,13 @@ spec:
               alpnProtocols:
                 description: 'ALPNProtocols defines the list of supported application
                   level protocols for the TLS handshake, in order of preference. More
-                  info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols'
+                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
                 items:
                   type: string
                 type: array
               cipherSuites:
                 description: 'CipherSuites defines the list of supported cipher suites
-                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites'
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
                 items:
                   type: string
                 type: array
@@ -74,7 +74,7 @@ spec:
                 type: object
               curvePreferences:
                 description: 'CurvePreferences defines the preferred elliptic curves
-                  in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences'
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
                 items:
                   type: string
                 type: array

docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml

@@ -22,7 +22,7 @@ spec:
         description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
           the time being, only the TLSStore named default is supported. This means
           that you cannot have two stores that are named default in different Kubernetes
-          namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores'
+          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation

docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml

@@ -21,7 +21,7 @@ spec:
       openAPIV3Schema:
         description: 'TraefikService is the CRD implementation of a Traefik Service.
           TraefikService object allows to: - Apply weight to Services on load-balancing
-          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice'
+          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -75,6 +75,13 @@ spec:
                           description: Namespace defines the namespace of the referenced
                             Kubernetes Service or TraefikService.
                           type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
                         passHostHeader:
                           description: PassHostHeader defines whether the client Host
                             header is forwarded to the upstream Kubernetes Service.
@@ -120,7 +127,7 @@ spec:
                           type: string
                         sticky:
                           description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -166,6 +173,13 @@ spec:
                     description: Namespace defines the namespace of the referenced
                       Kubernetes Service or TraefikService.
                     type: string
+                  nativeLB:
+                    description: NativeLB controls, when creating the load-balancer,
+                      whether the LB's children are directly the pods IPs or if the
+                      only child is the Kubernetes Service clusterIP. The Kubernetes
+                      Service itself does load-balance to the pods. By default, NativeLB
+                      is false.
+                    type: boolean
                   passHostHeader:
                     description: PassHostHeader defines whether the client Host header
                       is forwarded to the upstream Kubernetes Service. By default,
@@ -204,7 +218,7 @@ spec:
                     type: string
                   sticky:
                     description: 'Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.
@@ -263,6 +277,13 @@ spec:
                           description: Namespace defines the namespace of the referenced
                             Kubernetes Service or TraefikService.
                           type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
                         passHostHeader:
                           description: PassHostHeader defines whether the client Host
                             header is forwarded to the upstream Kubernetes Service.
@@ -304,7 +325,7 @@ spec:
                           type: string
                         sticky:
                           description: 'Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -343,7 +364,7 @@ spec:
                     type: array
                   sticky:
                     description: 'Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.

docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml

@@ -0,0 +1,275 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutes.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRoute
+    listKind: IngressRouteList
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteSpec defines the desired state of IngressRoute.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: Route holds the HTTP route configuration.
+                  properties:
+                    kind:
+                      description: Kind defines the kind of the route. Rule is the
+                        only supported kind.
+                      enum:
+                      - Rule
+                      type: string
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      type: string
+                    middlewares:
+                      description: 'Middlewares defines the list of references to
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      items:
+                        description: MiddlewareRef is a reference to a Middleware
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Middleware
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Middleware resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      type: integer
+                    services:
+                      description: Services defines the list of Service. It can contain
+                        any combination of TraefikService and/or reference to a Kubernetes
+                        Service.
+                      items:
+                        description: Service defines an upstream HTTP service to proxy
+                          traffic to.
+                        properties:
+                          kind:
+                            description: Kind defines the kind of the Service.
+                            enum:
+                            - Service
+                            - TraefikService
+                            type: string
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service or TraefikService. The differentiation between
+                              the two is specified in the Kind field.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service or TraefikService.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          passHostHeader:
+                            description: PassHostHeader defines whether the client
+                              Host header is forwarded to the upstream Kubernetes
+                              Service. By default, passHostHeader is true.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          responseForwarding:
+                            description: ResponseForwarding defines how Traefik forwards
+                              the response from the upstream Kubernetes Service to
+                              the client.
+                            properties:
+                              flushInterval:
+                                description: 'FlushInterval defines the interval,
+                                  in milliseconds, in between flushes to the client
+                                  while copying the response body. A negative value
+                                  means to flush immediately after each write to the
+                                  client. This configuration is ignored when ReverseProxy
+                                  recognizes a response as a streaming response; for
+                                  such responses, writes are flushed to the client
+                                  immediately. Default: 100ms'
+                                type: string
+                            type: object
+                          scheme:
+                            description: Scheme defines the scheme to use for the
+                              request to the upstream Kubernetes Service. It defaults
+                              to https when Kubernetes Service port is 443, http otherwise.
+                            type: string
+                          serversTransport:
+                            description: ServersTransport defines the name of ServersTransport
+                              resource to use. It allows to configure the transport
+                              between Traefik and your servers. Can only be used on
+                              a Kubernetes Service.
+                            type: string
+                          sticky:
+                            description: 'Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            properties:
+                              cookie:
+                                description: Cookie defines the sticky cookie configuration.
+                                properties:
+                                  httpOnly:
+                                    description: HTTPOnly defines whether the cookie
+                                      can be accessed by client-side APIs, such as
+                                      JavaScript.
+                                    type: boolean
+                                  name:
+                                    description: Name defines the Cookie name.
+                                    type: string
+                                  sameSite:
+                                    description: 'SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    type: string
+                                  secure:
+                                    description: Secure defines whether the cookie
+                                      can only be transmitted over an encrypted connection
+                                      (i.e. HTTPS).
+                                    type: boolean
+                                type: object
+                            type: object
+                          strategy:
+                            description: Strategy defines the load balancing strategy
+                              between the servers. RoundRobin is the only supported
+                              value at the moment.
+                            type: string
+                          weight:
+                            description: Weight defines the weight and should only
+                              be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round
+                              Robin).
+                            type: integer
+                        required:
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - kind
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml

@@ -0,0 +1,218 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutetcps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRouteTCP
+    listKind: IngressRouteTCPList
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteTCP holds the TCP route configuration.
+                  properties:
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      type: string
+                    middlewares:
+                      description: Middlewares defines the list of references to MiddlewareTCP
+                        resources.
+                      items:
+                        description: ObjectReference is a generic reference to a Traefik
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Traefik
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Traefik resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      type: integer
+                    services:
+                      description: Services defines the list of TCP services.
+                      items:
+                        description: ServiceTCP defines an upstream TCP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          proxyProtocol:
+                            description: 'ProxyProtocol defines the PROXY protocol
+                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            properties:
+                              version:
+                                description: Version defines the PROXY Protocol version
+                                  to use.
+                                type: integer
+                            type: object
+                          terminationDelay:
+                            description: TerminationDelay defines the deadline that
+                              the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection,
+                              to close the reading capability as well, hence fully
+                              terminating the connection. It is a duration in milliseconds,
+                              defaulting to 100. A negative value means an infinite
+                              deadline (i.e. the reading capability is never closed).
+                            type: integer
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  required:
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration on a layer 4 / TCP
+                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  passthrough:
+                    description: Passthrough defines whether a TLS router will terminate
+                      the TLS connection.
+                    type: boolean
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []