Prepare release v3.5.1

Co-authored-by: Romain <rtribotte@users.noreply.github.com>

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,17 +1,16 @@
 <!--
 PLEASE READ THIS MESSAGE.
 
-Documentation fixes or enhancements:
-- for Traefik v2: use branch v2.11
-- for Traefik v3: use branch v3.4
+Documentation:
+- for Traefik v2: use branch v2.11 (fixes only)
+- for Traefik v3: use branch v3.5
 
-Bug fixes:
-- for Traefik v2: use branch v2.11
-- for Traefik v3: use branch v3.4
+Bug:
+- for Traefik v2: use branch v2.11 (security fixes only)
+- for Traefik v3: use branch v3.5
 
 Enhancements:
-- for Traefik v2: we only accept bug fixes
-- for Traefik v3: use branch master
+- use branch master
 
 HOW TO WRITE A GOOD PULL REQUEST? https://doc.traefik.io/traefik/contributing/submitting-pull-requests/
 

.github/workflows/build.yaml

@@ -51,7 +51,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/check_doc.yml

@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/codeql.yml

@@ -28,7 +28,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: setup go
       uses: actions/setup-go@v5

.github/workflows/documentation.yml

@@ -1,6 +1,7 @@
 name: Build and Publish Documentation
 
 on:
+  workflow_dispatch: {}
   push:
     branches:
       - master
@@ -19,7 +20,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -39,9 +40,9 @@ jobs:
         run: curl -sSfL https://raw.githubusercontent.com/traefik/mixtus/master/godownloader.sh | sh -s -- -b $HOME/bin ${MIXTUS_VERSION}
 
       - name: Build documentation
-        run: $HOME/bin/structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug
-        env:
-          STRUCTOR_LATEST_TAG: ${{ vars.STRUCTOR_LATEST_TAG }}
+        run: |
+          STRUCTOR_LATEST_TAG=$(curl -s https://api.github.com/repos/traefik/traefik/releases/latest | jq -r '.tag_name')
+          $HOME/bin/structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug
 
       - name: Apply seo
         run: $HOME/bin/seo -path=./site -product=traefik

.github/workflows/experimental.yaml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/release.yaml

@@ -10,7 +10,7 @@ env:
   CGO_ENABLED: 0
   VERSION: ${{ github.ref_name }}
   TRAEFIKER_EMAIL: "traefiker@traefik.io"
-  CODENAME: chaource
+  CODENAME: chabichou
 
 jobs:
 
@@ -30,7 +30,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -89,7 +89,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -126,13 +126,11 @@ jobs:
           tar cfz "dist/traefik-${VERSION}.src.tar.gz" \
             --exclude-vcs \
             --exclude .idea \
-            --exclude .travis \
-            --exclude .semaphoreci \
             --exclude .github \
             --exclude dist .
           
           chown -R "$(id -u)":"$(id -g)" dist/
-          gh release create ${VERSION} ./dist/**/traefik*.{zip,tar.gz} ./dist/traefik*.{tar.gz,txt} --repo traefik/traefik --title ${VERSION} --notes ${VERSION}
+          gh release create ${VERSION} ./dist/**/traefik*.{zip,tar.gz} ./dist/traefik*.{tar.gz,txt} --repo traefik/traefik --title ${VERSION} --notes ${VERSION} --latest=true
           
           ./script/deploy.sh
 

.github/workflows/template-webui.yaml

@@ -8,10 +8,13 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
+      - name: Enable corepack
+        run: corepack enable
+
       - name: Setup node
         uses: actions/setup-node@v4
         with:

.github/workflows/test-conformance.yaml

@@ -31,7 +31,9 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Avoid generating webui
-        run: touch webui/static/index.html
+        run: |
+          mkdir webui/static
+          touch webui/static/index.html
 
       - name: K8s Gateway API conformance test and report
         run: |

.github/workflows/test-integration.yaml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -31,7 +31,9 @@ jobs:
           check-latest: true
 
       - name: Avoid generating webui
-        run: touch webui/static/index.html
+        run: |
+          mkdir webui/static
+          touch webui/static/index.html
 
       - name: Build binary
         run: make binary-linux-amd64
@@ -62,7 +64,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -73,7 +75,9 @@ jobs:
           check-latest: true
 
       - name: Avoid generating webui
-        run: touch webui/static/index.html
+        run: |
+          mkdir webui/static
+          touch webui/static/index.html
 
       - name: Download traefik binary
         uses: actions/download-artifact@v4

.github/workflows/test-unit.yaml

@@ -13,7 +13,6 @@ env:
   GO_VERSION: '1.24'
 
 jobs:
-
   generate-packages:
     name: List Go Packages
     runs-on: ubuntu-latest
@@ -21,7 +20,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -47,7 +46,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -58,7 +57,9 @@ jobs:
           check-latest: true
 
       - name: Avoid generating webui
-        run: touch webui/static/index.html
+        run: |
+          mkdir webui/static
+          touch webui/static/index.html
 
       - name: Tests
         run: |
@@ -69,10 +70,13 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
+      - name: Enable corepack
+        run: corepack enable
+
       - name: Set up Node.js ${{ env.NODE_VERSION }}
         uses: actions/setup-node@v4
         with:
@@ -81,6 +85,9 @@ jobs:
           cache-dependency-path: webui/yarn.lock
 
       - name: UI unit tests
+        working-directory: ./webui
+        env:
+          VITE_APP_BASE_API_URL: "/api"
         run: |
-          yarn --cwd webui install
-          yarn --cwd webui test:unit:ci
+          yarn install
+          yarn test:unit:ci

.github/workflows/validate.yaml

@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -27,6 +27,11 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
           check-latest: true
 
+      - name: Avoid generating webui
+        run: |
+          mkdir webui/static
+          touch webui/static/index.html
+
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v7
         with:
@@ -37,7 +42,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -51,7 +56,9 @@ jobs:
         run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/HEAD/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSPELL_VERSION}
 
       - name: Avoid generating webui
-        run: touch webui/static/index.html
+        run: |
+          mkdir webui/static
+          touch webui/static/index.html
 
       - name: Validate
         run: make validate-files
@@ -61,7 +68,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.golangci.yml

@@ -245,6 +245,10 @@ linters:
         text: Function 'buildConstructor' has too many statements
         linters:
           - funlen
+      - path: pkg/provider/kubernetes/ingress-nginx/kubernetes.go
+        text: Function 'loadConfiguration' has too many statements
+        linters:
+          - funlen
       - path: pkg/tracing/haystack/logger.go
         linters:
           - goprintffuncname
@@ -304,8 +308,6 @@ linters:
         text: 'SA1019: cfg.(SSLRedirect|SSLTemporaryRedirect|SSLHost|SSLForceHost|FeaturePolicy) is deprecated'
       - path: (.+)\.go$
         text: 'SA1019: c.Providers.(ConsulCatalog|Consul|Nomad).Namespace is deprecated'
-      - path: (.+)\.go$
-        text: 'SA1019: dockertypes.ContainerNode is deprecated'
       - path: pkg/provider/kubernetes/crd/kubernetes.go
         text: "Function 'loadConfigurationFromCRD' has too many statements"
         linters:

.semaphore/semaphore.yml

@@ -1,13 +0,0 @@
-version: v1.0
-name: Traefik Release - deprecated
-agent:
-  machine:
-    type: f1-standard-2
-    os_image: ubuntu2204
-blocks:
-  - name: 'Do nothing'
-    task:
-      jobs:
-        - name: 'Do nothing'
-          commands:
-            - echo "Do nothing"

CHANGELOG.md

@@ -1,3 +1,92 @@
+## [v3.5.1](https://github.com/traefik/traefik/tree/v3.5.1) (2025-08-27)
+[All Commits](https://github.com/traefik/traefik/compare/v3.5.0...v3.5.1)
+
+**Bug fixes:**
+- **[accesslogs,otel]** Provide Log Body in OTEL access Log ([#11867](https://github.com/traefik/traefik/pull/11867) by [tomMoulard](https://github.com/tomMoulard))
+- **[acme]** Bump github.com/go-acme/lego/v4 to v4.25.1 ([#11882](https://github.com/traefik/traefik/pull/11882) by [ldez](https://github.com/ldez))
+- **[k8s/gatewayapi]** Make app protocol case insensitive ([#11989](https://github.com/traefik/traefik/pull/11989) by [shreealt](https://github.com/shreealt))
+- **[otel]** Fix misspelling in docs ([#11952](https://github.com/traefik/traefik/pull/11952) by [mmanciop](https://github.com/mmanciop))
+- **[server]** Bump to github.com/pires/go-proxyproto v0.8.1 ([#11991](https://github.com/traefik/traefik/pull/11991) by [rtribotte](https://github.com/rtribotte))
+- **[server]** Silent expected errors on receiving sigterm signal ([#11838](https://github.com/traefik/traefik/pull/11838) by [Kwuray](https://github.com/Kwuray))
+- **[tracing]** Fix capturedRequestHeaders and capturedResponseHeaders headers options not being canonicalized in tracing ([#12005](https://github.com/traefik/traefik/pull/12005) by [mcuelenaere](https://github.com/mcuelenaere))
+- **[tracing]** Follow OTel semantic conventions for root span naming ([#11673](https://github.com/traefik/traefik/pull/11673) by [Alex-Waring](https://github.com/Alex-Waring))
+- **[webui]** Update Traefik Proxy dashboard UI development deps ([#11958](https://github.com/traefik/traefik/pull/11958) by [mdeliatf](https://github.com/mdeliatf))
+- Refactor to use reflect.TypeFor ([#12010](https://github.com/traefik/traefik/pull/12010) by [cuiweixie](https://github.com/cuiweixie))
+
+**Documentation:**
+- **[docker]** Fix missing middleware application for whoami service in docker guide ([#12012](https://github.com/traefik/traefik/pull/12012) by [Copilot](https://github.com/apps/copilot-swe-agent))
+- **[k8s/gatewayapi]** Fix documentation to match new gateway-api selector syntax ([#12006](https://github.com/traefik/traefik/pull/12006) by [Firespray-31](https://github.com/Firespray-31))
+- **[middleware,hub]** Add Traefik Hub Middlewares To Reference Section ([#11937](https://github.com/traefik/traefik/pull/11937) by [sheddy-traefik](https://github.com/sheddy-traefik))
+- **[plugins]** Add extend documentation ([#11904](https://github.com/traefik/traefik/pull/11904) by [sheddy-traefik](https://github.com/sheddy-traefik))
+- Update Broken Links in the Migration Docs ([#12016](https://github.com/traefik/traefik/pull/12016) by [sheddy-traefik](https://github.com/sheddy-traefik))
+- Fix Documentation menu ([#12013](https://github.com/traefik/traefik/pull/12013) by [nmengin](https://github.com/nmengin))
+- Fix invalid links in documentation ([#11995](https://github.com/traefik/traefik/pull/11995) by [mloiseleur](https://github.com/mloiseleur))
+- Fix typo in index ([#11994](https://github.com/traefik/traefik/pull/11994) by [ignyx](https://github.com/ignyx))
+- Restore missing migration section ([#11973](https://github.com/traefik/traefik/pull/11973) by [rtribotte](https://github.com/rtribotte))
+- Clean Documentation ([#11945](https://github.com/traefik/traefik/pull/11945) by [nmengin](https://github.com/nmengin))
+- Add back the link to Peka's page ([#11942](https://github.com/traefik/traefik/pull/11942) by [kevinpollet](https://github.com/kevinpollet))
+
+**Misc:**
+- Merge branch v2.11 into v3.5 ([#12019](https://github.com/traefik/traefik/pull/12019) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v2.11 into v3.5 ([#12017](https://github.com/traefik/traefik/pull/12017) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v2.11 into v3.5 ([#11966](https://github.com/traefik/traefik/pull/11966) by [kevinpollet](https://github.com/kevinpollet))
+- Merge branch v3.4 into v3.5 ([#11953](https://github.com/traefik/traefik/pull/11953) by [rtribotte](https://github.com/rtribotte))
+
+## [v2.11.29](https://github.com/traefik/traefik/tree/v2.11.29) (2025-08-26)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.28...v2.11.29)
+
+**Bug fixes:**
+- **[acme]** Bump github.com/go-acme/lego/v4 to v4.25.2 ([#11983](https://github.com/traefik/traefik/pull/11983) by [ldez](https://github.com/ldez))
+- **[docker]** Bump github.com/docker/docker to v28.3.3 ([#12007](https://github.com/traefik/traefik/pull/12007) by [kevinpollet](https://github.com/kevinpollet))
+
+**Documentation:**
+- Fix invalid links in documentation ([#11960](https://github.com/traefik/traefik/pull/11960) by [mloiseleur](https://github.com/mloiseleur))
+- Update releases docs for v3.5 ([#11949](https://github.com/traefik/traefik/pull/11949) by [jnoordsij](https://github.com/jnoordsij))
+
+## [v3.5.0](https://github.com/traefik/traefik/tree/v3.5.0) (2025-07-23)
+[All Commits](https://github.com/traefik/traefik/compare/v3.5.0-rc1...v3.5.0)
+
+**Enhancements:**
+- **[acme]** OCSP stapling ([#8393](https://github.com/traefik/traefik/pull/8393) by [alekitto](https://github.com/alekitto))
+- **[acme]** Add acme.httpChallenge.delay option ([#11643](https://github.com/traefik/traefik/pull/11643) by [ldez](https://github.com/ldez))
+- **[acme]** Allow configuration of ACME provider http timeout ([#11637](https://github.com/traefik/traefik/pull/11637) by [tkw1536](https://github.com/tkw1536))
+- **[healthcheck]** Add url option to healthcheck command ([#11711](https://github.com/traefik/traefik/pull/11711) by [Nelwhix](https://github.com/Nelwhix))
+- **[healthcheck]** Add unhealthy Interval to the health check configuration ([#10610](https://github.com/traefik/traefik/pull/10610) by [sswastik02](https://github.com/sswastik02))
+- **[k8s/gatewayapi]** Bump sigs.k8s.io/gateway-api to v1.3.0 ([#11719](https://github.com/traefik/traefik/pull/11719) by [rtribotte](https://github.com/rtribotte))
+- **[k8s/ingress]** Make the behavior of prefix matching in Ingress consistent with Kubernetes doc ([#11203](https://github.com/traefik/traefik/pull/11203) by [charlie0129](https://github.com/charlie0129))
+- **[k8s]** NGINX Ingress Provider ([#11844](https://github.com/traefik/traefik/pull/11844) by [rtribotte](https://github.com/rtribotte))
+- **[middleware,authentication]** Handle context canceled in ForwardAuth middleware ([#11817](https://github.com/traefik/traefik/pull/11817) by [bengentree](https://github.com/bengentree))
+- **[plugins]** Ability to enable unsafe in yaegi through plugin manifest ([#11589](https://github.com/traefik/traefik/pull/11589) by [Rydez](https://github.com/Rydez))
+- **[tls]** Introduce X25519MLKEM768 for Post-Quantum-Secure TLS ([#11731](https://github.com/traefik/traefik/pull/11731) by [fzoli](https://github.com/fzoli))
+- **[webui]** Migrate Traefik Proxy dashboard UI to React ([#11674](https://github.com/traefik/traefik/pull/11674) by [gndz07](https://github.com/gndz07))
+- **[webui]** Improve visualization for StatusRewrites option of errors middleware ([#11806](https://github.com/traefik/traefik/pull/11806) by [sevensolutions](https://github.com/sevensolutions))
+
+**Bug fixes:**
+- **[healthcheck]** Revert 11711 adding url param to healthcheck command ([#11927](https://github.com/traefik/traefik/pull/11927) by [lbenguigui](https://github.com/lbenguigui))
+- **[logs,metrics,tracing,accesslogs,otel]** Add missing resource attributes detectors ([#11874](https://github.com/traefik/traefik/pull/11874) by [rtribotte](https://github.com/rtribotte))
+- **[logs,tracing,k8s,otel]** Add k8s resource attributes automatically ([#11906](https://github.com/traefik/traefik/pull/11906) by [kevinpollet](https://github.com/kevinpollet))
+- **[metrics,otel]** Add resourceAttributes option to OTel metrics ([#11908](https://github.com/traefik/traefik/pull/11908) by [kevinpollet](https://github.com/kevinpollet))
+- **[middleware,tracing]** Introduce trace verbosity config and produce less spans by default ([#11870](https://github.com/traefik/traefik/pull/11870) by [rtribotte](https://github.com/rtribotte))
+
+**Documentation:**
+- **[docker,ecs,docker/swarm,consulcatalog,nomad]** Add constraints key limitations for label providers ([#11893](https://github.com/traefik/traefik/pull/11893) by [bluepuma77](https://github.com/bluepuma77))
+- **[k8s]** Add extended NGinX annotation support documentation ([#11920](https://github.com/traefik/traefik/pull/11920) by [nmengin](https://github.com/nmengin))
+- Remove dead link to Peka blog ([#11934](https://github.com/traefik/traefik/pull/11934) by [kevinpollet](https://github.com/kevinpollet))
+- Prepare release v3.5.0-rc2 ([#11899](https://github.com/traefik/traefik/pull/11899) by [kevinpollet](https://github.com/kevinpollet))
+- Prepare release v3.5.0-rc1 ([#11865](https://github.com/traefik/traefik/pull/11865) by [rtribotte](https://github.com/rtribotte))
+
+**Misc:**
+- Merge branch v3.4 into v3.5 ([#11933](https://github.com/traefik/traefik/pull/11933) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into v3.5 ([#11898](https://github.com/traefik/traefik/pull/11898) by [kevinpollet](https://github.com/kevinpollet))
+- Merge branch v3.4 into master ([#11863](https://github.com/traefik/traefik/pull/11863) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into master ([#11861](https://github.com/traefik/traefik/pull/11861) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into master ([#11857](https://github.com/traefik/traefik/pull/11857) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into master ([#11855](https://github.com/traefik/traefik/pull/11855) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into master ([#11813](https://github.com/traefik/traefik/pull/11813) by [kevinpollet](https://github.com/kevinpollet))
+- Merge branch v3.4 into master ([#11758](https://github.com/traefik/traefik/pull/11758) by [mmatur](https://github.com/mmatur))
+- Merge v3.4 into master ([#11752](https://github.com/traefik/traefik/pull/11752) by [mmatur](https://github.com/mmatur))
+- Merge branch v3.4 into master ([#11708](https://github.com/traefik/traefik/pull/11708) by [kevinpollet](https://github.com/kevinpollet))
+
 ## [v3.4.5](https://github.com/traefik/traefik/tree/v3.4.5) (2025-07-23)
 [All Commits](https://github.com/traefik/traefik/compare/v3.4.4...v3.4.5)
 
@@ -22,6 +111,15 @@
 **Documentation:**
 - **[k8s/crd,k8s]** Remove all mentions of ordering for TLSOption CurvePreferences field ([#11924](https://github.com/traefik/traefik/pull/11924) by [jnoordsij](https://github.com/jnoordsij))
 
+## [v3.5.0-rc2](https://github.com/traefik/traefik/tree/v3.5.0-rc2) (2025-07-11)
+[All Commits](https://github.com/traefik/traefik/compare/v3.5.0-rc1...v3.5.0-rc2)
+
+**Bug fixes:**
+- **[logs,metrics,tracing,accesslogs,otel]** Add missing resource attributes detectors ([#11874](https://github.com/traefik/traefik/pull/11874) by [rtribotte](https://github.com/rtribotte))
+
+**Misc:**
+- Merge branch v3.4 into v3.5 ([#11898](https://github.com/traefik/traefik/pull/11898) by [kevinpollet](https://github.com/kevinpollet))
+
 ## [v3.4.4](https://github.com/traefik/traefik/tree/v3.4.4) (2025-07-11)
 [All Commits](https://github.com/traefik/traefik/compare/v3.4.3...v3.4.4)
 
@@ -45,6 +143,34 @@
 **Bug fixes:**
 - Bump github.com/go-viper/mapstructure/v2 to v2.3.0 ([#11880](https://github.com/traefik/traefik/pull/11880) by [kevinpollet](https://github.com/kevinpollet))
 
+## [v3.5.0-rc1](https://github.com/traefik/traefik/tree/v3.5.0-rc1) (2025-06-26)
+[All Commits](https://github.com/traefik/traefik/compare/v3.4.0-rc1...v3.5.0-rc1)
+
+**Enhancements:**
+- **[acme]** OCSP stapling ([#8393](https://github.com/traefik/traefik/pull/8393) by [alekitto](https://github.com/alekitto))
+- **[acme]** Add acme.httpChallenge.delay option ([#11643](https://github.com/traefik/traefik/pull/11643) by [ldez](https://github.com/ldez))
+- **[acme]** Allow configuration of ACME provider http timeout ([#11637](https://github.com/traefik/traefik/pull/11637) by [tkw1536](https://github.com/tkw1536))
+- **[healthcheck]** Add url option to healthcheck command ([#11711](https://github.com/traefik/traefik/pull/11711) by [Nelwhix](https://github.com/Nelwhix))
+- **[healthcheck]** Add unhealthy Interval to the health check configuration ([#10610](https://github.com/traefik/traefik/pull/10610) by [sswastik02](https://github.com/sswastik02))
+- **[k8s/gatewayapi]** Bump sigs.k8s.io/gateway-api to v1.3.0 ([#11719](https://github.com/traefik/traefik/pull/11719) by [rtribotte](https://github.com/rtribotte))
+- **[k8s/ingress]** Make the behavior of prefix matching in Ingress consistent with Kubernetes doc ([#11203](https://github.com/traefik/traefik/pull/11203) by [charlie0129](https://github.com/charlie0129))
+- **[k8s]** NGINX Ingress Provider ([#11844](https://github.com/traefik/traefik/pull/11844) by [rtribotte](https://github.com/rtribotte))
+- **[middleware,authentication]** Handle context canceled in ForwardAuth middleware ([#11817](https://github.com/traefik/traefik/pull/11817) by [bengentree](https://github.com/bengentree))
+- **[plugins]** Ability to enable unsafe in yaegi through plugin manifest ([#11589](https://github.com/traefik/traefik/pull/11589) by [Rydez](https://github.com/Rydez))
+- **[tls]** Introduce X25519MLKEM768 for Post-Quantum-Secure TLS ([#11731](https://github.com/traefik/traefik/pull/11731) by [fzoli](https://github.com/fzoli))
+- **[webui]** Migrate Traefik Proxy dashboard UI to React ([#11674](https://github.com/traefik/traefik/pull/11674) by [gndz07](https://github.com/gndz07))
+- **[webui]** Improve visualization for StatusRewrites option of errors middleware ([#11806](https://github.com/traefik/traefik/pull/11806) by [sevensolutions](https://github.com/sevensolutions))
+
+**Misc:**
+- Merge branch v3.4 into master ([#11863](https://github.com/traefik/traefik/pull/11863) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into master ([#11861](https://github.com/traefik/traefik/pull/11861) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into master ([#11857](https://github.com/traefik/traefik/pull/11857) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into master ([#11855](https://github.com/traefik/traefik/pull/11855) by [rtribotte](https://github.com/rtribotte))
+- Merge branch v3.4 into master ([#11813](https://github.com/traefik/traefik/pull/11813) by [kevinpollet](https://github.com/kevinpollet))
+- Merge branch v3.4 into master ([#11758](https://github.com/traefik/traefik/pull/11758) by [mmatur](https://github.com/mmatur))
+- Merge v3.4 into master ([#11752](https://github.com/traefik/traefik/pull/11752) by [mmatur](https://github.com/mmatur))
+- Merge branch v3.4 into master ([#11708](https://github.com/traefik/traefik/pull/11708) by [kevinpollet](https://github.com/kevinpollet))
+
 ## [v3.4.3](https://github.com/traefik/traefik/tree/v3.4.3) (2025-06-26)
 [All Commits](https://github.com/traefik/traefik/compare/v3.4.2...v3.4.3)
 

Makefile

@@ -30,18 +30,16 @@ dist:
 .PHONY: build-webui-image
 #? build-webui-image: Build WebUI Docker image
 build-webui-image:
-	docker build -t traefik-webui -f webui/Dockerfile webui
+	docker build -t traefik-webui -f webui/buildx.Dockerfile webui
 
 .PHONY: clean-webui
 #? clean-webui: Clean WebUI static generated assets
 clean-webui:
-	rm -r webui/static
-	mkdir -p webui/static
-	printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
+	rm -rf webui/static
 
 webui/static/index.html:
 	$(MAKE) build-webui-image
-	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc
+	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn build:prod
 	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static
 
 .PHONY: generate-webui
@@ -102,7 +100,7 @@ test-integration:
 #? test-gateway-api-conformance: Run the conformance tests
 test-gateway-api-conformance: build-image-dirty
 	# In case of a new Minor/Major version, the k8sConformanceTraefikVersion needs to be updated.
-	GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance -k8sConformanceTraefikVersion="v3.4" $(TESTFLAGS)
+	GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance -k8sConformanceTraefikVersion="v3.5" $(TESTFLAGS)
 
 .PHONY: test-ui-unit
 #? test-ui-unit: Run the unit tests for the webui
@@ -183,11 +181,6 @@ generate-crd:
 generate-genconf:
 	go run ./cmd/internal/gen/
 
-.PHONY: release-packages
-#? release-packages: Create packages for the release
-release-packages: generate-webui
-	$(CURDIR)/script/release-packages.sh
-
 .PHONY: fmt
 #? fmt: Format the Code
 fmt:

README.md

@@ -7,7 +7,6 @@
     </picture>
 </p>
 
-[![Build Status SemaphoreCI](https://traefik-oss.semaphoreci.com/badges/traefik/branches/master.svg?style=shields)](https://traefik-oss.semaphoreci.com/projects/traefik)
 [![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://doc.traefik.io/traefik)
 [![Go Report Card](https://goreportcard.com/badge/traefik/traefik)](https://goreportcard.com/report/traefik/traefik)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/traefik/traefik/blob/master/LICENSE.md)
@@ -152,7 +151,7 @@ We use [Semantic Versioning](https://semver.org/).
 
 ## Credits
 
-Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on the gopher's logo!.
+Kudos to [Peka](https://www.instagram.com/pierroks/) for his awesome work on the gopher's logo!.
 
 The gopher's logo of Traefik is licensed under the Creative Commons 3.0 Attributions license.
 

cmd/traefik/logger.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -22,7 +23,7 @@ func init() {
 	zerolog.SetGlobalLevel(zerolog.ErrorLevel)
 }
 
-func setupLogger(staticConfiguration *static.Configuration) error {
+func setupLogger(ctx context.Context, staticConfiguration *static.Configuration) error {
 	// Validate that the experimental flag is set up at this point,
 	// rather than validating the static configuration before the setupLogger call.
 	// This ensures that validation messages are not logged using an un-configured logger.
@@ -39,16 +40,16 @@ func setupLogger(staticConfiguration *static.Configuration) error {
 	zerolog.SetGlobalLevel(logLevel)
 
 	// create logger
-	logCtx := zerolog.New(w).With().Timestamp()
+	logger := zerolog.New(w).With().Timestamp()
 	if logLevel <= zerolog.DebugLevel {
-		logCtx = logCtx.Caller()
+		logger = logger.Caller()
 	}
 
-	log.Logger = logCtx.Logger().Level(logLevel)
+	log.Logger = logger.Logger().Level(logLevel)
 
 	if staticConfiguration.Log != nil && staticConfiguration.Log.OTLP != nil {
 		var err error
-		log.Logger, err = logs.SetupOTelLogger(log.Logger, staticConfiguration.Log.OTLP)
+		log.Logger, err = logs.SetupOTelLogger(ctx, log.Logger, staticConfiguration.Log.OTLP)
 		if err != nil {
 			return fmt.Errorf("setting up OpenTelemetry logger: %w", err)
 		}

cmd/traefik/traefik.go

@@ -90,7 +90,10 @@ Complete documentation is available at https://traefik.io`,
 }
 
 func runCmd(staticConfiguration *static.Configuration) error {
-	if err := setupLogger(staticConfiguration); err != nil {
+	ctx, cancel := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
+	defer cancel()
+
+	if err := setupLogger(ctx, staticConfiguration); err != nil {
 		return fmt.Errorf("setting up logger: %w", err)
 	}
 
@@ -122,8 +125,6 @@ func runCmd(staticConfiguration *static.Configuration) error {
 		return err
 	}
 
-	ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
-
 	if staticConfiguration.Ping != nil {
 		staticConfiguration.Ping.WithContext(ctx)
 	}
@@ -181,7 +182,9 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 
 	// ACME
 
-	tlsManager := traefiktls.NewManager()
+	tlsManager := traefiktls.NewManager(staticConfiguration.OCSP)
+	routinesPool.GoCtx(tlsManager.Run)
+
 	httpChallengeProvider := acme.NewChallengeHTTP()
 
 	tlsChallengeProvider := acme.NewChallengeTLSALPN()
@@ -207,8 +210,8 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		}
 	}
 	metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
-	accessLog := setupAccessLog(staticConfiguration.AccessLog)
-	tracer, tracerCloser := setupTracing(staticConfiguration.Tracing)
+	accessLog := setupAccessLog(ctx, staticConfiguration.AccessLog)
+	tracer, tracerCloser := setupTracing(ctx, staticConfiguration.Tracing)
 	observabilityMgr := middleware.NewObservabilityMgr(*staticConfiguration, metricsRegistry, semConvMetricRegistry, accessLog, tracer, tracerCloser)
 
 	// Entrypoints
@@ -583,12 +586,12 @@ func appendCertMetric(gauge gokitmetrics.Gauge, certificate *x509.Certificate) {
 	gauge.With(labels...).Set(notAfter)
 }
 
-func setupAccessLog(conf *types.AccessLog) *accesslog.Handler {
+func setupAccessLog(ctx context.Context, conf *types.AccessLog) *accesslog.Handler {
 	if conf == nil {
 		return nil
 	}
 
-	accessLoggerMiddleware, err := accesslog.NewHandler(conf)
+	accessLoggerMiddleware, err := accesslog.NewHandler(ctx, conf)
 	if err != nil {
 		log.Warn().Err(err).Msg("Unable to create access logger")
 		return nil
@@ -597,12 +600,12 @@ func setupAccessLog(conf *types.AccessLog) *accesslog.Handler {
 	return accessLoggerMiddleware
 }
 
-func setupTracing(conf *static.Tracing) (*tracing.Tracer, io.Closer) {
+func setupTracing(ctx context.Context, conf *static.Tracing) (*tracing.Tracer, io.Closer) {
 	if conf == nil {
 		return nil, nil
 	}
 
-	tracer, closer, err := tracing.NewTracing(conf)
+	tracer, closer, err := tracing.NewTracing(ctx, conf)
 	if err != nil {
 		log.Warn().Err(err).Msg("Unable to create tracer")
 		return nil, nil

docs/content/assets/css/menu-icons.css

@@ -0,0 +1,58 @@
+/* Traefik Hub Menu icon base styles */
+.menu-icon {
+  height: 18px;
+  width: 18px;
+  vertical-align: middle;
+  margin-left: 6px;
+  transition: all 0.2s ease;
+  filter: drop-shadow(0 1px 1px rgba(0,0,0,0.1));
+  display: inline;
+  white-space: nowrap;
+}
+
+/* Ensure parent container keeps items inline */
+.nav-link-with-icon {
+  white-space: nowrap !important;
+  display: inline-flex !important;
+  align-items: center !important;
+}
+
+/* Hover effects */
+.menu-icon:hover {
+  transform: scale(1.05);
+  opacity: 0.8;
+}
+
+/* Tablet responsive */
+@media (max-width: 1024px) {
+  .menu-icon {
+    height: 14px;
+    width: 14px;
+    margin-left: 4px;
+  }
+}
+
+/* Mobile responsive */
+@media (max-width: 768px) {
+  .menu-icon {
+    height: 12px;
+    width: 12px;
+    margin-left: 3px;
+    vertical-align: middle;
+  }
+  
+  /* Keep mobile navigation items inline */
+  .nav-link-with-icon {
+    display: inline-flex !important;
+    align-items: center !important;
+    width: auto !important;
+  }
+}
+
+/* High DPI displays */
+@media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+  .menu-icon {
+    image-rendering: -webkit-optimize-contrast;
+    image-rendering: crisp-edges;
+  }
+}

docs/content/deprecation/releases.md

@@ -6,7 +6,8 @@ Below is a non-exhaustive list of versions and their maintenance status:
 
 | Version | Release Date | Active Support     | Security Support  |
 |---------|--------------|--------------------|-------------------|
-| 3.4     | May 05, 2025 | Yes                | Yes               |
+| 3.5     | Jul 23, 2025 | Yes                | Yes               |
+| 3.4     | May 05, 2025 | Ended Jul 23, 2025 | No                |
 | 3.3     | Jan 06, 2025 | Ended May 05, 2025 | No                |
 | 3.2     | Oct 28, 2024 | Ended Jan 06, 2025 | No                |
 | 3.1     | Jul 15, 2024 | Ended Oct 28, 2024 | No                |

docs/content/expose/docker.md

@@ -258,6 +258,9 @@ labels:
   
   # IP Allowlist Middleware
   - "traefik.http.middlewares.ip-allowlist.ipallowlist.sourceRange=127.0.0.1/32,192.168.0.0/16,10.0.0.0/8"
+  
+  # Apply middlewares to whoami router
+  - "traefik.http.routers.whoami.middlewares=secure-headers,ip-allowlist"
 ```
 
 Add the same middleware to your whoami-api service:

docs/content/expose/kubernetes.md

@@ -325,11 +325,13 @@ kubectl create secret tls whoami-tls --cert=tls.crt --key=tls.key
         web:
           port: 80
           protocol: HTTP
-          namespacePolicy: All
+          namespacePolicy:
+            from: All
         websecure:
           port: 443
           protocol: HTTPS
-          namespacePolicy: All
+          namespacePolicy:
+            from: All
           mode: Terminate
           certificateRefs:
             - kind: Secret

docs/content/extend/extend-traefik.md

@@ -0,0 +1,56 @@
+---
+title: Extend Traefik
+description: Extend Traefik with custom plugins using Yaegi and WebAssembly.
+---
+
+# Extend Traefik
+
+Plugins are a powerful feature for extending Traefik with custom features and behaviors. The [Plugin Catalog](https://plugins.traefik.io/) is a software-as-a-service (SaaS) platform that provides an exhaustive list of the existing plugins.
+
+??? note "Plugin Catalog Access"
+    You can reach the [Plugin Catalog](https://plugins.traefik.io/) from the Traefik Dashboard using the `Plugins` menu entry.
+
+## Add a new plugin to a Traefik instance
+
+To add a new plugin to a Traefik instance, you must change that instance's install (static) configuration. Each plugin's **Install** section provides an install (static) configuration example. Many plugins have their own section in the Traefik routing (dynamic) configuration.
+
+!!! danger "Experimental Features"
+    Plugins can change the behavior of Traefik in unforeseen ways. Exercise caution when adding new plugins to production Traefik instances.
+
+To learn more about how to add a new plugin to a Traefik instance, please refer to the [developer documentation](https://plugins.traefik.io/install).
+
+## Plugin Systems
+
+Traefik supports two different plugin systems, each designed for different use cases and developer preferences.
+
+### Yaegi Plugin System
+
+Traefik [Yaegi](https://github.com/traefik/yaegi) plugins are developed using the Go language. It is essentially a Go package. Unlike pre-compiled plugins, Yaegi plugins are executed on the fly by Yaegi, a Go interpreter embedded in Traefik.
+
+This approach eliminates the need for compilation and a complex toolchain, making plugin development as straightforward as creating web browser extensions. Yaegi plugins support both middleware and provider functionality.
+
+#### Key characteristics
+
+- Written in Go language
+- No compilation required
+- Executed by embedded interpreter
+- Supports full Go feature set
+- Hot-reloadable during development
+
+### WebAssembly (WASM) Plugin System
+
+Traefik WASM plugins can be developed using any language that compiles to WebAssembly (WASM). This method is based on [http-wasm](https://http-wasm.io/).
+
+WASM plugins compile to portable binary modules that execute with near-native performance while maintaining security isolation.
+
+#### Key characteristics
+
+- Multi-language support (Go, Rust, C++, etc.)
+- Compiled to WebAssembly binary
+- Near-native performance
+- Strong security isolation
+- Currently supports middleware only
+
+## Build Your Own Plugins
+
+Traefik users can create their own plugins and share them with the community using the [Plugin Catalog](https://plugins.traefik.io/). To learn more about Traefik plugin creation, please refer to the [developer documentation](https://plugins.traefik.io/create).

docs/content/getting-started/configuration-overview.md

@@ -12,10 +12,10 @@ How the Magic Happens
 
 Configuration in Traefik can refer to two different things:
 
-- The fully dynamic routing configuration (referred to as the _dynamic configuration_)
-- The startup configuration (referred to as the _static configuration_)
+- The fully dynamic routing configuration (referred to as the _routing configuration_, formerly known as the _dynamic configuration_)
+- The startup configuration (referred to as the _install configuration_, formerly known as the _static configuration_)
 
-Elements in the _static configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
+Elements in the install configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
 
 The _dynamic configuration_ contains everything that defines how the requests are handled by your system.
 This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.
@@ -32,9 +32,9 @@ Since this configuration is specific to your infrastructure choices, we invite y
 
 !!! info ""
 
-    In the [Quick Start example](../getting-started/quick-start.md), the dynamic configuration comes from docker in the form of labels attached to your containers.
+    In the [Quick Start example](../getting-started/quick-start.md), the routing configuration comes from docker in the form of labels attached to your containers.
 
-!!! info "HTTPS Certificates also belong to the dynamic configuration."
+!!! info "HTTPS Certificates also belong to the routing configuration."
 
     You can add / update / remove them without restarting your Traefik instance.
 
@@ -79,14 +79,14 @@ traefik --help
 # or
 
 docker run traefik[:version] --help
-# ex: docker run traefik:v3.4 --help
+# ex: docker run traefik:v3.5 --help
 ```
 
-Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.
+Check the [CLI reference](../reference/install-configuration/configuration-options.md "Link to CLI reference overview") for an overview about all available arguments.
 
 ### Environment Variables
 
-All available environment variables can be found in the [static configuration environment overview](../reference/static-configuration/env.md).
+All available environment variables can be found in the [static configuration environment overview](../reference/install-configuration/configuration-options.md).
 
 ## Available Configuration Options
 

docs/content/getting-started/docker.md

@@ -36,7 +36,7 @@ This configuration:
 # docker-compose.yml
 services:
   traefik:
-    image: traefik:v3.4
+    image: traefik:v3.5
     command:
       - "--api.insecure=true"
       - "--providers.docker=true"
@@ -84,7 +84,7 @@ docker run -d \
   -p 8080:8080 \
   -v $PWD/traefik.yml:/etc/traefik/traefik.yml \
   -v /var/run/docker.sock:/var/run/docker.sock \
-  traefik:v3.4
+  traefik:v3.5
 ```
 
 ## Expose the Dashboard

docs/content/getting-started/install-traefik.md

@@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
 
 Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
 
-* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.4/traefik.sample.yml)
-* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.4/traefik.sample.toml)
+* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.5/traefik.sample.yml)
+* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.5/traefik.sample.toml)
 
 ```shell
 docker run -d -p 8080:8080 -p 80:80 \
-    -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.4
+    -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.5
 ```
 
 For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
 !!! tip
 
     * Prefer a fixed version than the latest that could be an unexpected version.
-    ex: `traefik:v3.4`
+    ex: `traefik:v3.5`
     * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
     * Any orchestrator using docker images can fetch the official Traefik docker image.
 

docs/content/getting-started/kubernetes.md

@@ -79,7 +79,10 @@ providers:
   kubernetesGateway:
     enabled: true
 gateway:
-  namespacePolicy: All
+  listeners:
+    web:
+      namespacePolicy:
+        from: All
 ```
 
 !!! info
@@ -106,7 +109,7 @@ helm install traefik traefik/traefik --wait \
   --set ingressRoute.dashboard.matchRule='Host(`dashboard.localhost`)' \
   --set ingressRoute.dashboard.entryPoints={web} \
   --set providers.kubernetesGateway.enabled=true \
-  --set gateway.namespacePolicy=All
+  --set gateway.listeners.web.namespacePolicy.from=All
 ```
 
 !!! info

docs/content/https/acme.md

@@ -250,6 +250,34 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
 !!! info ""
     Redirection is fully compatible with the `HTTP-01` challenge.
 
+#### `Delay`
+
+The delay between the creation of the challenge and the validation.
+A value lower than or equal to zero means no delay.
+
+```yaml tab="File (YAML)"
+certificatesResolvers:
+  myresolver:
+    acme:
+      # ...
+      httpChallenge:
+        # ...
+        delay: 12
+```
+
+```toml tab="File (TOML)"
+[certificatesResolvers.myresolver.acme]
+  # ...
+  [certificatesResolvers.myresolver.acme.httpChallenge]
+    # ...
+    delay = 12
+```
+
+```bash tab="CLI"
+# ...
+--certificatesresolvers.myresolver.acme.httpchallenge.delay=12
+```
+
 ### `dnsChallenge`
 
 Use the `DNS-01` challenge to generate and renew ACME certificates by provisioning a DNS record.
@@ -324,13 +352,14 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Auroradns](https://www.pcextreme.com/dns-health-checks)               | `auroradns`        | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)        |
 | [Autodns](https://www.internetx.com/domains/autodns/)                  | `autodns`          | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)          |
 | [Axelname](https://axelname.ru)                                        | `axelname`         | `AXELNAME_NICKNAME`, `AXELNAME_TOKEN`                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/axelname)         |
-| [Azure](https://azure.microsoft.com/services/dns/) (DEPRECATED)        | `azure`            | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`                                        | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
+| [Azion](https://www.azion.com/en/products/edge-dns/)                   | `azion`            | `AZION_PERSONAL_TOKEN`                                                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/azion)            |
+| [Azure](https://azure.microsoft.com/services/dns/) (DEPRECATED)        | `azure`            | DEPRECATED use `azuredns` instead.                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
 | [AzureDNS](https://azure.microsoft.com/services/dns/)                  | `azuredns`         | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_ENVIRONMENT]`, `[AZURE_PRIVATE_ZONE]`, `[AZURE_ZONE_NAME]` | [Additional configuration](https://go-acme.github.io/lego/dns/azuredns)         |
 | [Baidu Cloud](https://cloud.baidu.com)                                 | `baiducloud`       | `BAIDUCLOUD_ACCESS_KEY_ID`, `BAIDUCLOUD_SECRET_ACCESS_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/baiducloud)       |
 | [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)             | `bindman`          | `BINDMAN_MANAGER_ADDRESS`                                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)          |
 | [Blue Cat](https://www.bluecatnetworks.com/)                           | `bluecat`          | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)          |
 | [BookMyName](https://www.bookmyname.com)                               | `bookmyname`       | `BOOKMYNAME_USERNAME`, `BOOKMYNAME_PASSWORD`                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/bookmyname)       |
-| [Brandit](https://www.brandit.com) (DEPRECATED)                        | `brandit`          | `BRANDIT_API_USERNAME`, `BRANDIT_API_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/brandit)          |
+| [Brandit](https://www.brandit.com) (DEPRECATED)                        | `brandit`          | DEPRECATED                                                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/brandit)          |
 | [Bunny](https://bunny.net)                                             | `bunny`            | `BUNNY_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/bunny)            |
 | [Checkdomain](https://www.checkdomain.de/)                             | `checkdomain`      | `CHECKDOMAIN_TOKEN`,                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/)     |
 | [Civo](https://www.civo.com/)                                          | `civo`             | `CIVO_TOKEN`                                                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/civo)             |
@@ -338,7 +367,8 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [CloudDNS](https://vshosting.eu/)                                      | `clouddns`         | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD`                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns)         |
 | [Cloudflare](https://www.cloudflare.com)                               | `cloudflare`       | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)       |
 | [ClouDNS](https://www.cloudns.net/)                                    | `cloudns`          | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)          |
-| [CloudXNS](https://www.cloudxns.net) (DEPRECATED)                      | `cloudxns`         | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)         |
+| [CloudXNS](https://www.cloudxns.net) (DEPRECATED)                      | `cloudxns`         | DEPRECATED                                                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)         |
+| [ConoHa v3](https://www.conoha.jp/)                                    | `conohav3`         | `CONOHAV3_TENANT_ID`, `CONOHAV3_API_USER_ID`, `CONOHAV3_API_PASSWORD`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/conohav3)         |
 | [ConoHa](https://www.conoha.jp)                                        | `conoha`           | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)           |
 | [Constellix](https://constellix.com)                                   | `constellix`       | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)       |
 | [Core-Networks](https://www.core-networks.de)                          | `corenetworks`     | `CORENETWORKS_LOGIN`, `CORENETWORKS_PASSWORD`                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/corenetworks)     |
@@ -350,12 +380,13 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [DNS Made Easy](https://dnsmadeeasy.com)                               | `dnsmadeeasy`      | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)      |
 | [dnsHome.de](https://www.dnshome.de)                                   | `dnsHomede`        | `DNSHOMEDE_CREDENTIALS`                                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/dnshomede)        |
 | [DNSimple](https://dnsimple.com)                                       | `dnsimple`         | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)         |
-| [DNSPod](https://www.dnspod.com/)                                      | `dnspod`           | `DNSPOD_API_KEY`                                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod)           |
+| [DNSPod](https://www.dnspod.com/) (DEPRECATED)                         | `dnspod`           | DEPRECATED  use `tencentcloud` instead.                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod)           |
 | [Domain Offensive (do.de)](https://www.do.de/)                         | `dode`             | `DODE_TOKEN`                                                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/dode)             |
 | [Domeneshop](https://domene.shop)                                      | `domeneshop`       | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET`                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop)       |
 | [DreamHost](https://www.dreamhost.com/)                                | `dreamhost`        | `DREAMHOST_API_KEY`                                                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)        |
 | [Duck DNS](https://www.duckdns.org/)                                   | `duckdns`          | `DUCKDNS_TOKEN`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)          |
 | [Dyn](https://dyn.com)                                                 | `dyn`              | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)              |
+| [DynDnsFree.de](https://www.dyndnsfree.de)                             | `dyndnsfree`       | `DYNDNSFREE_USERNAME`, `DYNDNSFREE_PASSWORD`                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/dyndnsfree)       |
 | [Dynu](https://www.dynu.com)                                           | `dynu`             | `DYNU_API_KEY`                                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)             |
 | [EasyDNS](https://easydns.com/)                                        | `easydns`          | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)          |
 | [EdgeDNS](https://www.akamai.com/)                                     | `edgedns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
@@ -371,7 +402,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Glesys](https://glesys.com/)                                          | `glesys`           | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)           |
 | [GoDaddy](https://www.godaddy.com)                                     | `godaddy`          | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)          |
 | [Google Cloud DNS](https://cloud.google.com/dns/docs/)                 | `gcloud`           | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)           |
-| [Google Domains](https://domains.google)                               | `googledomains`    | `GOOGLE_DOMAINS_ACCESS_TOKEN`                                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains)    |
+| [Google Domains](https://domains.google) (DEPRECATED)                  | `googledomains`    | DEPRECATED                                                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains)    |
 | [Hetzner](https://hetzner.com)                                         | `hetzner`          | `HETZNER_API_KEY`                                                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
 | [hosting.de](https://www.hosting.de)                                   | `hostingde`        | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)        |
 | [Hosttech](https://www.hosttech.eu)                                    | `hosttech`         | `HOSTTECH_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)         |
@@ -432,6 +463,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [RFC2136](https://tools.ietf.org/html/rfc2136)                         | `rfc2136`          | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)          |
 | [RimuHosting](https://rimuhosting.com)                                 | `rimuhosting`      | `RIMUHOSTING_API_KEY`                                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)      |
 | [Route 53](https://aws.amazon.com/route53/)                            | `route53`          | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/route53)          |
+| [RU Center](https://nic.ru/)                                           | `nicru`            | `NICRU_USER`, `NICRU_PASSWORD`, `NICRU_SERVICE_ID`, `NICRU_SECRET`, `NICRU_SERVICE_NAME`                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/nicru)            |
 | [Sakura Cloud](https://cloud.sakura.ad.jp/)                            | `sakuracloud`      | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)      |
 | [Scaleway](https://www.scaleway.com)                                   | `scaleway`         | `SCW_API_TOKEN`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)         |
 | [Selectel v2](https://selectel.ru/en/)                                 | `selectelv2`       | `SELECTELV2_ACCOUNT_ID`, `SELECTELV2_PASSWORD`, `SELECTELV2_PROJECT_ID`, `SELECTELV2_USERNAME`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/selectelv2)       |
@@ -466,6 +498,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Yandex Cloud](https://cloud.yandex.com/en/)                           | `yandexcloud`      | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud)      |
 | [Yandex](https://yandex.com)                                           | `yandex`           | `YANDEX_PDD_TOKEN`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/yandex)           |
 | [Zone.ee](https://www.zone.ee)                                         | `zoneee`           | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)           |
+| [ZoneEdit](https://www.zoneedit.com)                                   | `zoneedit`         | `ZONEEDIT_USER`, `ZONEEDIT_AUTH_TOKEN`                                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/zoneedit)         |
 | [Zonomi](https://zonomi.com)                                           | `zonomi`           | `ZONOMI_API_KEY`                                                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)           |
 | External Program                                                       | `exec`             | `EXEC_PATH`                                                                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/exec)             |
 | HTTP request                                                           | `httpreq`          | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)          |
@@ -809,6 +842,71 @@ certificatesResolvers:
 # ...
 ```
 
+### `clientTimeout`
+
+_Optional, Default=2m_
+
+`clientTimeout` is the total timeout for a complete HTTP transaction (including TCP connection, sending request and receiving response) with the ACME server.
+It defaults to 2 minutes.
+
+!!! warning "This timeout encompasses the entire request-response cycle, including the response headers timeout. It must be at least `clientResponseHeaderTimeout`, otherwise the certificate resolver will fail to start."
+
+```yaml tab="File (YAML)"
+certificatesResolvers:
+  myresolver:
+    acme:
+      # ...
+      clientTimeout: 1m
+      # ...
+```
+
+```toml tab="File (TOML)"
+[certificatesResolvers.myresolver.acme]
+  # ...
+  clientTimeout=1m
+  # ...
+```
+
+```bash tab="CLI"
+# ...
+--certificatesresolvers.myresolver.acme.clientTimeout=1m
+# ...
+```
+
+!!! warning
+    This should not be confused with any timeouts used for validating challenges.
+
+### `clientResponseHeaderTimeout`
+
+_Optional, Default=30s_
+
+`clientResponseHeaderTimeout` defines how long the HTTP client waits for response headers when communicating with the `caServer`.
+It defaults to 30 seconds. 
+
+!!! warning "It must be lower than `clientTimeout`, otherwise the certificate resolver will fail to start."
+
+```yaml tab="File (YAML)"
+certificatesResolvers:
+  myresolver:
+    acme:
+      # ...
+      clientResponseHeaderTimeout: 1m
+      # ...
+```
+
+```toml tab="File (TOML)"
+[certificatesResolvers.myresolver.acme]
+  # ...
+  clientResponseHeaderTimeout=1m
+  # ...
+```
+
+```bash tab="CLI"
+# ...
+--certificatesresolvers.myresolver.acme.clientResponseHeaderTimeout=1m
+# ...
+```
+
 ### `preferredChain`
 
 _Optional, Default=""_

docs/content/https/ocsp.md

@@ -0,0 +1,71 @@
+---
+title: "Traefik OCSP Documentation"
+description: "Learn how to configure Traefik to use OCSP. Read the technical documentation."
+---
+
+# OCSP
+
+Check certificate status and perform OCSP stapling.
+{: .subtitle }
+
+## Overview
+
+### OCSP Stapling
+
+When OCSP is enabled, Traefik checks the status of every certificate in the store that provides an OCSP responder URL,
+including the default certificate, and staples the OCSP response to the TLS handshake.
+The OCSP check is performed when the certificate is loaded,
+and once every hour until it is successful at the halfway point before the update date.
+
+### Caching
+
+Traefik caches the OCSP response as long as the associated certificate is provided by the configuration.
+When a certificate is no longer provided,
+the OCSP response has a 24 hour TTL waiting to be provided again or eventually removed.
+The OCSP response is cached in memory and is not persisted between Traefik restarts.
+
+## Configuration
+
+### General
+
+Enabling OCSP is part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
+It can be defined by using a file (YAML or TOML) or CLI arguments:
+
+```yaml tab="File (YAML)"
+## Static configuration
+ocsp: {}
+```
+
+```toml tab="File (TOML)"
+## Static configuration
+[ocsp]
+```
+
+```bash tab="CLI"
+## Static configuration
+--ocsp=true
+```
+
+### Responder Overrides
+
+The `responderOverrides` option defines the OCSP responder URLs to use instead of the one provided by the certificate.
+This is useful when you want to use a different OCSP responder.
+
+```yaml tab="File (YAML)"
+## Static configuration
+ocsp:
+  responderOverrides:
+    foo: bar
+```
+
+```toml tab="File (TOML)"
+## Static configuration
+[ocsp]
+  [ocsp.responderOverrides]
+    foo = "bar"
+```
+
+```bash tab="CLI"
+## Static configuration
+-ocsp.responderoverrides.foo=bar
+```

docs/content/https/ref-acme.toml

@@ -30,6 +30,20 @@
   #
   # certificatesDuration=2160
 
+  # Timeout for a complete HTTP transaction with the ACME server.
+  #
+  # Optional
+  # Default: 2m
+  #
+  # clientTimeout="2m"
+
+  # Timeout for receiving the response headers when communicating with the ACME server.
+  #
+  # Optional
+  # Default: 30s
+  #
+  # clientResponseHeaderTimeout="30s"
+
   # Preferred chain to use.
   #
   # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.

docs/content/https/ref-acme.txt

@@ -29,6 +29,20 @@
 #
 --certificatesresolvers.myresolver.acme.certificatesDuration=2160
 
+# Timeout for a complete HTTP transaction with the ACME server.
+#
+# Optional
+# Default: 2m
+#
+--certificatesresolvers.myresolver.acme.clientTimeout=2m
+
+# Timeout for receiving the response headers when communicating with the ACME server.
+#
+# Optional
+# Default: 30s
+#
+--certificatesresolvers.myresolver.acme.clientResponseHeaderTimeout=30s
+
 # Preferred chain to use.
 #
 # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.

docs/content/https/ref-acme.yaml

@@ -32,6 +32,20 @@ certificatesResolvers:
       #
       # certificatesDuration: 2160
 
+      # Timeout for a complete HTTP transaction with the ACME server.
+      #
+      # Optional
+      # Default: 2m
+      #
+      # clientTimeout: "2m"
+
+      # Timeout for receiving the response headers when communicating with the ACME server.
+      #
+      # Optional
+      # Default: 30s
+      #
+      # clientResponseHeaderTimeout: "30s"
+
       # Preferred chain to use.
       #
       # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.

docs/content/https/tls.md

@@ -234,7 +234,7 @@ The TLS options allow one to configure some parameters of the TLS connection.
 
 !!! important "TLSOption in Kubernetes"
 
-    When using the [TLSOption resource](../../routing/providers/kubernetes-crd#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
+    When using the [TLSOption resource](../../routing/providers/kubernetes-crd/#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
     if not explicitly overwritten, should apply to all ingresses.  
     To achieve that, you'll have to create a TLSOption resource with the name `default`.
     There may exist only one TLSOption with the name `default` (across all namespaces) - otherwise they will be dropped.  
@@ -503,7 +503,7 @@ Traefik supports mutual authentication, through the `clientAuth` section.
 
 For authentication policies that require verification of the client certificate, the certificate authority for the certificates should be set in `clientAuth.caFiles`.
 
-In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../../routing/providers/kubernetes-crd#kind-tlsoption) for more details.
+In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../../routing/providers/kubernetes-crd/#kind-tlsoption) for more details.
 
 The `clientAuth.clientAuthType` option governs the behaviour as follows:
 

docs/content/index.md

@@ -11,7 +11,7 @@ Traefik is an [open-source](https://github.com/traefik/traefik) Application Prox
 
 If you start with Traefik for service discovery and routing, you can seamlessly add [API management](https://traefik.io/solutions/api-management/), [API gateway](https://traefik.io/solutions/api-gateway/), [AI gateway](https://traefik.io/solutions/ai-gateway/), and [API mocking](https://traefik.io/solutions/api-mocking/) capabilities as needed.
 
-With 3.3 billion downloads and over 55k stars on GitHub, Traefik is used globally across hybrid cloud, multi-cloud, on prem, and bare metal environments running Kuberentes, Docker Swarm, AWS, [the list goes on](https://doc.traefik.io/traefik/reference/install-configuration/providers/overview/).
+With 3.3 billion downloads and over 55k stars on GitHub, Traefik is used globally across hybrid cloud, multi-cloud, on prem, and bare metal environments running Kubernetes, Docker Swarm, AWS, [the list goes on](https://doc.traefik.io/traefik/reference/install-configuration/providers/overview/).
 
 Here’s how it works—Traefik receives requests on behalf of your system, identifies which components are responsible for handling them, and routes them securely. It automatically discovers the right configuration for your services by inspecting your infrastructure to identify relevant information and which service serves which request.
 

docs/content/middlewares/http/addprefix.md

@@ -8,8 +8,6 @@ description: "Learn how to implement the HTTP AddPrefix middleware in Traefik Pr
 Prefixing the Path
 {: .subtitle }
 
-![AddPrefix](../../assets/img/middleware/addprefix.png)
-
 The AddPrefix middleware updates the path of a request before forwarding it.
 
 ## Configuration Examples

docs/content/middlewares/http/basicauth.md

@@ -8,8 +8,6 @@ description: "The HTTP basic authentication (BasicAuth) middleware in Traefik Pr
 Adding Basic Authentication
 {: .subtitle }
 
-![BasicAuth](../../assets/img/middleware/basicauth.png)
-
 The BasicAuth middleware grants access to services to authorized users only.
 
 ## Configuration Examples

docs/content/middlewares/http/buffering.md

@@ -8,8 +8,6 @@ description: "The HTTP buffering middleware in Traefik Proxy limits the size of
 How to Read the Request before Forwarding It
 {: .subtitle }
 
-![Buffering](../../assets/img/middleware/buffering.png)
-
 The Buffering middleware limits the size of requests that can be forwarded to services.
 
 With Buffering, Traefik reads the entire request into memory (possibly buffering large requests into disk), and rejects requests that are over a specified size limit.

docs/content/middlewares/http/chain.md

@@ -8,8 +8,6 @@ description: "The HTTP chain middleware lets you define reusable combinations of
 When One Isn't Enough
 {: .subtitle }
 
-![Chain](../../assets/img/middleware/chain.png)
-
 The Chain middleware enables you to define reusable combinations of other pieces of middleware.
 It makes reusing the same groups easier.
 

docs/content/middlewares/http/circuitbreaker.md

@@ -8,8 +8,6 @@ description: "The HTTP circuit breaker in Traefik Proxy prevents stacking reques
 Don't Waste Time Calling Unhealthy Services
 {: .subtitle }
 
-![CircuitBreaker](../../assets/img/middleware/circuitbreaker.png)
-
 The circuit breaker protects your system from stacking requests to unhealthy services, resulting in cascading failures.
 
 When your system is healthy, the circuit is closed (normal operations).

docs/content/middlewares/http/compress.md

@@ -8,8 +8,6 @@ description: "Traefik Proxy's HTTP middleware lets you compress responses before
 Compress Allows Compressing Responses before Sending them to the Client
 {: .subtitle }
 
-![Compress](../../assets/img/middleware/compress.png)
-
 The Compress middleware supports Gzip, Brotli and Zstandard compression.
 The activation of compression, and the compression method choice rely (among other things) on the request's `Accept-Encoding` header.
 

docs/content/middlewares/http/digestauth.md

@@ -8,8 +8,6 @@ description: "Traefik Proxy's HTTP DigestAuth middleware restricts access to you
 Adding Digest Authentication
 {: .subtitle }
 
-![BasicAuth](../../assets/img/middleware/digestauth.png)
-
 The DigestAuth middleware grants access to services to authorized users only.
 
 ## Configuration Examples

docs/content/middlewares/http/errorpages.md

@@ -8,8 +8,6 @@ description: "In Traefik Proxy, the Errors middleware returns custom pages accor
 It Has Never Been Easier to Say That Something Went Wrong
 {: .subtitle }
 
-![Errors](../../assets/img/middleware/errorpages.png)
-
 The Errors middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
 
 !!! important

docs/content/middlewares/http/forwardauth.md

@@ -8,8 +8,6 @@ description: "In Traefik Proxy, the HTTP ForwardAuth middleware delegates authen
 Using an External Service to Forward Authentication
 {: .subtitle }
 
-![AuthForward](../../assets/img/middleware/authforward.png)
-
 The ForwardAuth middleware delegates authentication to an external service.
 If the service answers with a 2XX code, access is granted, and the original request is performed.
 Otherwise, the response from the authentication server is returned.

docs/content/middlewares/http/headers.md

@@ -8,8 +8,6 @@ description: "In Traefik Proxy, the HTTP headers middleware manages the headers
 Managing Request/Response headers
 {: .subtitle }
 
-![Headers](../../assets/img/middleware/headers.png)
-
 The Headers middleware manages the headers of requests and responses.
 
 A set of forwarded headers are automatically added by default. See the [FAQ](../../getting-started/faq.md#what-are-the-forwarded-headers-when-proxying-http-requests) for more information.

docs/content/middlewares/http/inflightreq.md

@@ -8,8 +8,6 @@ description: "Traefik Proxy's HTTP middleware lets you limit the number of simul
 Limiting the Number of Simultaneous In-Flight Requests
 {: .subtitle }
 
-![InFlightReq](../../assets/img/middleware/inflightreq.png)
-
 To proactively prevent services from being overwhelmed with high load, the number of allowed simultaneous in-flight requests can be limited.
 
 ## Configuration Examples

docs/content/middlewares/http/ipwhitelist.md

@@ -8,8 +8,6 @@ description: "Learn how to use IPWhiteList in HTTP middleware for limiting clien
 Limiting Clients to Specific IPs
 {: .subtitle }
 
-![IPWhiteList](../../assets/img/middleware/ipwhitelist.png)
-
 IPWhiteList limits allowed requests based on the client IP.
 
 !!! warning

docs/content/middlewares/http/overview.md

@@ -8,8 +8,6 @@ description: "Read the official Traefik Proxy documentation for an overview of t
 Controlling connections
 {: .subtitle }
 
-![Overview](../../assets/img/middleware/overview.png)
-
 ## Configuration Example
 
 ```yaml tab="Docker & Swarm"

docs/content/middlewares/overview.md

@@ -8,8 +8,6 @@ description: "There are several available middleware in Traefik Proxy used to mo
 Tweaking the Request
 {: .subtitle }
 
-![Overview](../assets/img/middleware/overview.png)
-
 Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your [service](../routing/services/index.md) (or before the answer from the services are sent to the clients).
 
 There are several available middleware in Traefik, some can modify the request, the headers, some are in charge of redirections, some add authentication, and so on.

docs/content/middlewares/tcp/overview.md

@@ -8,8 +8,6 @@ description: "Read the official Traefik Proxy documentation for an overview of t
 Controlling connections
 {: .subtitle }
 
-![Overview](../../assets/img/middleware/overview.png)
-
 ## Configuration Example
 
 ```yaml tab="Docker & Swarm"

docs/content/migrate/v2-to-v3-details.md

@@ -5,7 +5,7 @@ description: "Configuration changes and their details to successfully migrate fr
 
 # Configuration Details for Migrating from Traefik v2 to v3
 
-## Static Configuration Changes
+## Install Configuration Changes
 
 ### SwarmMode
 
@@ -619,7 +619,7 @@ Please take a look at the observability documentation for more information:
 In v3, the `ServiceURL` field is not an object anymore but a string representation.
 An update may be required if you index access logs.
 
-## Dynamic Configuration Changes
+## Routing Configuration Changes
 
 ### Router Rule Matchers
 

docs/content/migrate/v3.md

@@ -113,9 +113,9 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.3/docs/con
 
 **Updated Resources:**
 
-- [TraefikService](../../routing/services#mirroring-service) ([PR #11032](https://github.com/traefik/traefik/pull/11032))
-- [RateLimit](../../middlewares/http/ratelimit) & [InFlightReq](../../middlewares/http/inflightreq) middlewares ([PR #9747](https://github.com/traefik/traefik/pull/9747))
-- [Compress](../../middlewares/http/compress) middleware ([PR #10943](https://github.com/traefik/traefik/pull/10943))
+- [TraefikService](../../routing/services/#mirroring-service) ([PR #11032](https://github.com/traefik/traefik/pull/11032))
+- [RateLimit](../../middlewares/http/ratelimit/) & [InFlightReq](../../middlewares/http/inflightreq/) middlewares ([PR #9747](https://github.com/traefik/traefik/pull/9747))
+- [Compress](../../middlewares/http/compress/) middleware ([PR #10943](https://github.com/traefik/traefik/pull/10943))
 
 ### Kubernetes Gateway Provider Standard Channel
 
@@ -420,3 +420,53 @@ The following table illustrates how path matching behavior has changed:
 | `/foo/../bar`     | ```PathPrefix(`/bar`)```     | Match          | Match          | Resolves to `/bar` after sanitization |
 | `/foo/%2E%2E/bar` | ```PathPrefix(`/foo`)```     | Match          | No match       | Encoded dots normalized then sanitized |
 | `/foo/%2E%2E/bar` | ```PathPrefix(`/bar`)```     | No match       | Match          | Resolves to `/bar` after normalization + sanitization |
+
+## v3.4.5
+
+### MultiPath TCP
+
+Since `v3.4.5`, the MultiPath TCP support introduced with `v3.4.2` has been removed.
+It appears that enabling MPTCP on some platforms can cause Traefik to stop with the following error logs message:
+
+- `set tcp X.X.X.X:X->X.X.X.X:X: setsockopt: operation not supported`
+
+However, it can be re-enabled by setting the `multipathtcp` variable in the GODEBUG environment variable, see the related [go documentation](https://go.dev/doc/godebug#go-124).
+
+## v3.5.0
+
+### Observability
+
+#### TraceVerbosity on Routers and Entrypoints
+
+Starting with `v3.5.0`, a new `traceVerbosity` option is available for both entrypoints and routers.
+This option allows you to control the level of detail for tracing spans.
+Routers can override the value inherited from their entrypoint.
+
+**Impact:**
+
+- If you rely on tracing, review your configuration to explicitly set the desired verbosity level.
+- Existing configurations will default to `minimal` unless overridden, which will result in fewer spans being generated than before.
+
+Possible values are:
+
+- `minimal`: produces a single server span and one client span for each request processed by a router.
+- `detailed`: enables the creation of additional spans for each middleware executed for each request processed by a router.
+
+See the updated documentation for [entrypoints](../reference/install-configuration/entrypoints.md) and [dynamic routers](../reference/routing-configuration/http/router/observability.md#traceverbosity).
+
+#### K8s Resource Attributes
+
+Since `v3.5.0`, the semconv attributes `k8s.pod.name` and `k8s.pod.uid` are injected automatically in OTel resource attributes when OTel tracing/logs/metrics are enabled.
+
+For that purpose, the following right has to be added to the Traefik Kubernetes RBACs:
+
+```yaml
+  ...
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+  ...
+```

docs/content/migration/v3.md

@@ -1,332 +0,0 @@
----
-title: "Traefik Migration Documentation"
-description: "Learn the steps needed to migrate to new Traefik Proxy v3 versions. Read the technical documentation."
----
-
-# Migration: Steps needed between the versions
-
-## v3.0 to v3.1
-
-### Kubernetes Provider RBACs
-
-Starting with v3.1, the Kubernetes Providers now use the [EndpointSlices API](https://kubernetes.io/docs/concepts/services-networking/endpoint-slices/) (Kubernetes >=v1.21) to discover service endpoint addresses.
-It also brings NodePort load-balancing which requires Nodes resources lookup.
-
-Therefore, in the corresponding RBACs (see [KubernetesIngress](../routing/providers/kubernetes-ingress.md#configuration-example), [KubernetesCRD](../reference/dynamic-configuration/kubernetes-crd.md#rbac), and [KubernetesGateway](../reference/dynamic-configuration/kubernetes-gateway-rbac.yml) provider RBACs):
-
-- the `endpoints` right has to be removed and the following `endpointslices` right has to be added:
-
-```yaml
-  ... 
-  - apiGroups:
-      - discovery.k8s.io
-    resources:
-      - endpointslices
-    verbs:
-      - list
-      - watch
-  ...
-```
-
-- the `nodes` right has to be added:
-
-```yaml
-  ...
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-    verbs:
-      - get
-      - list
-      - watch
-  ...
-```
-
-#### Gateway API: KubernetesGateway Provider
-
-In v3.1, the KubernetesGateway Provider is no longer an experimental feature.
-It can be enabled without the associated `experimental.kubernetesgateway` option, which is now deprecated.
-
-??? example "An example of the experimental `kubernetesgateway` option"
-
-    ```yaml tab="File (YAML)"
-    experimental:
-      kubernetesgateway: true
-    ```
-
-    ```toml tab="File (TOML)"
-    [experimental]
-        kubernetesgateway=true
-    ```
-
-    ```bash tab="CLI"
-    --experimental.kubernetesgateway=true
-    ```
-
-##### Remediation
-
-The `kubernetesgateway` option should be removed from the experimental section of the static configuration.
-To configure `kubernetesgateway`, please check out the [KubernetesGateway Provider documentation](../providers/kubernetes-gateway.md).
-
-## v3.1.0 to v3.1.1
-
-### IngressClass Lookup
-
-The Kubernetes Ingress provider option `disableIngressClassLookup` has been deprecated in v3.1.1, and will be removed in the next major version.
-Please use the `disableClusterScopeResources` option instead to avoid cluster scope resources discovery (IngressClass, Nodes).
-
-## v3.1 to v3.2
-
-### Kubernetes CRD Provider
-
-Starting with v3.2, the CRDs has been updated on [TraefikService](../../routing/services#mirroring-service) (PR [#11032](https://github.com/traefik/traefik/pull/11032)), on [RateLimit](../../middlewares/http/ratelimit) & [InFlightReq](../../middlewares/http/inflightreq) middlewares (PR [#9747](https://github.com/traefik/traefik/pull/9747)) and on [Compress](../../middlewares/http/compress) middleware (PR [#10943](https://github.com/traefik/traefik/pull/10943)).
-
-This update adds only new optional fields.
-CRDs can be updated with this command:
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.3/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
-```
-
-### Kubernetes Gateway Provider Standard Channel
-
-Starting with v3.2, the Kubernetes Gateway Provider now supports [GRPCRoute](https://gateway-api.sigs.k8s.io/api-types/grpcroute/).
-
-Therefore, in the corresponding RBACs (see [KubernetesGateway](../reference/dynamic-configuration/kubernetes-gateway-rbac.yml) provider RBACs),
-the `grcroutes` and `grpcroutes/status` rights have to be added.
-
-```yaml
-  ...
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - grpcroutes
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - grpcroutes/status
-    verbs:
-      - update
-  ...
-```
-
-### Kubernetes Gateway Provider Experimental Channel
-
-!!! warning "Breaking changes"
-
-    Because of a breaking change introduced in Kubernetes Gateway [v1.2.0-rc1](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.2.0-rc1),
-    Traefik v3.3 only supports Kubernetes Gateway v1.2.x when experimental channel features are enabled.
-
-Starting with v3.2, the Kubernetes Gateway Provider now supports [BackendTLSPolicy](https://gateway-api.sigs.k8s.io/api-types/backendtlspolicy/).
-
-Therefore, in the corresponding RBACs (see [KubernetesGateway](../reference/dynamic-configuration/kubernetes-gateway-rbac.yml) provider RBACs),
-the `backendtlspolicies` and `backendtlspolicies/status` rights have to be added.
-
-```yaml
-  ...
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - backendtlspolicies
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - gateway.networking.k8s.io
-    resources:
-      - backendtlspolicies/status
-    verbs:
-      - update
-  ...
-```
-
-## v3.2.1
-
-### X-Forwarded-Prefix
-
-In `v3.2.1`, the `X-Forwarded-Prefix` header is now handled like the other `X-Forwarded-*` headers: Traefik removes it when it's sent from an untrusted source.
-Please refer to the Forwarded headers [documentation](../routing/entrypoints.md#forwarded-headers) for more details.
-
-## v3.2.2
-
-### Swarm Provider
-
-In `v3.2.2`, the `traefik.docker.network` and `traefik.docker.lbswarm` labels have been deprecated,
-please use the `traefik.swarm.network` and `traefik.swarm.lbswarm` labels instead.
-
-## v3.2 to v3.3
-
-### ACME DNS Certificate Resolver
-
-In `v3.3`, the `acme.dnsChallenge.delaybeforecheck` and `acme.dnsChallenge.disablepropagationcheck` options of the ACME certificate resolver are deprecated, 
-please use respectively `acme.dnsChallenge.propagation.delayBeforeChecks` and `acme.dnsChallenge.propagation.disableChecks` options instead.
-
-### Tracing Global Attributes
-
-In `v3.3`, the `tracing.globalAttributes` option has been deprecated, please use the `tracing.resourceAttributes` option instead.
-The `tracing.globalAttributes` option is misleading as its name does not reflect the operation of adding resource attributes to be sent to the collector,
-and will be removed in the next major version.
-
-## v3.3.4
-
-### OpenTelemetry Request Duration metric
-
-In `v3.3.4`, the OpenTelemetry Request Duration metric (named `traefik_(entrypoint|router|service)_request_duration_seconds`) unit has been changed from milliseconds to seconds.
-To be consistent with the naming and other metrics providers, the metric now reports the duration in seconds.
-
-## v3.3.5
-
-### Compress Middleware
-
-In `v3.3.5`, the compress middleware `encodings` option default value is now `gzip, br, zstd`. 
-This change helps the algorithm selection to favor the `gzip` algorithm over the other algorithms.
-
-It impacts requests that do not specify their preferred algorithm,
-or has no order preference, in the `Accept-Encoding` header.
-
-## v3.3.6
-
-### Request Path Sanitization
-
-Since `v3.3.6`, the incoming request path is now cleaned before being used to match the router rules and sent to the backends.
-Any `/../`, `/./` or duplicate slash segments in the request path is interpreted and/or collapsed.
-
-If you want to disable this behavior, you can set the [`sanitizePath` option](../reference/install-configuration/entrypoints.md#sanitizepath) to `false` in the entryPoint HTTP configuration.
-This can be useful when dealing with legacy clients that are not url-encoding data in the request path.
-For example, as base64 uses the “/” character internally,
-if it's not url encoded,
-it can lead to unsafe routing when the `sanitizePath` option is set to `false`.
-
-!!! warning "Security"
-
-    Setting the `sanitizePath` option to `false` is not safe.
-    Ensure every request is properly url encoded instead.
-
-## v3.3 to v3.4
-
-### Kubernetes CRD Provider
-
-#### Load-Balancing
-
-In `v3.4`, the HTTP service definition has been updated.
-The strategy field now supports two new values: `wrr` and `p2c` (please refer to the [HTTP Services Load Balancing documentation](../../routing/services/#load-balancing-strategy) for more details).
-
-CRDs can be updated with this command:
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
-```
-
-Please note that the `RoundRobin` strategy value is now deprecated, but still supported and equivalent to `wrr`, and will be removed in the next major release.
-
-#### ServersTransport CA Certificate
-
-In `v3.4`, a new `rootCAs` option has been added to the `ServersTransport` and `ServersTransportTCP` CRDs.
-It allows the configuration of CA certificates from both `ConfigMaps` and `Secrets`,
-and replaces the `rootCAsSecrets` option, as shown below:
-
-CRDs can be updated with this command:
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
-```
-
-RBACs need to be updated with this command:
-
-```shell
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
-```
-
-```yaml
----
-apiVersion: traefik.io/v1alpha1
-kind: ServersTransport
-metadata:
-  name: foo
-  namespace: bar
-spec:
-  rootCAs:
-    - configMap: ca-config-map
-    - secret: ca-secret
-      
----      
-apiVersion: traefik.io/v1alpha1
-kind: ServersTransportTCP
-metadata:
-  name: foo
-  namespace: bar
-spec:
-  rootCAs:
-    - configMap: ca-config-map
-    - secret: ca-secret
-```
-
-The `rootCAsSecrets` option, which allows only `Secrets` references,
-is still supported, but is now deprecated,
-and will be removed in the next major release.
-
-### Rule Syntax
-
-In `v3.4.0`, the `core.defaultRuleSyntax` static configuration option and the `ruleSyntax` router option have been deprecated,
-and will be removed in the next major version.
-
-This `core.defaultRuleSyntax` option was used to switch between the v2 and v3 syntax for the router's rules,
-and to help with the migration from v2 to v3.
-
-The `ruleSyntax` router's option was used to override the default rule syntax for a specific router.
-
-In preparation for the next major release, please remove any use of these two options and use the v3 syntax for writing the router's rules.
-
-## v3.4.1
-
-### Request Path Normalization
-
-Since `v3.4.1`, the request path is now normalized by decoding unreserved characters in the request path,
-and also uppercasing the percent-encoded characters.
-This follows [RFC 3986 percent-encoding normalization](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2),
-and [RFC 3986 case normalization](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.1).
-
-The normalization happens before the request path is sanitized,
-and cannot be disabled.
-This notably helps with encoded dots characters (which are unreserved characters) to be sanitized properly.
-
-### Routing Path
-
-Since `v3.4.1`, the reserved characters [(as per RFC 3986)](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) are kept encoded in the request path when matching the router rules.
-Those characters, when decoded, change the meaning of the request path for routing purposes,
-and Traefik now keeps them encoded to avoid any ambiguity.
-
-### Request Path Matching Examples
-
-| Request Path      | Router Rule            | Traefik v3.4.0 | Traefik v3.4.1 |
-|-------------------|------------------------|----------------|----------------|
-| `/foo%2Fbar`      | PathPrefix(`/foo/bar`) | Match          | No match       |
-| `/foo/../bar`     | PathPrefix(`/foo`)     | No match       | No match       |
-| `/foo/../bar`     | PathPrefix(`/bar`)     | Match          | Match          |
-| `/foo/%2E%2E/bar` | PathPrefix(`/foo`)     | Match          | No match       |
-| `/foo/%2E%2E/bar` | PathPrefix(`/bar`)     | No match       | Match          |
-
-## v3.4.5
-
-### MultiPath TCP
-
-Since `v3.4.5`, the MultiPath TCP support introduced with `v3.4.2` has been removed.
-It appears that enabling MPTCP on some platforms can cause Traefik to stop with the following error logs message:
-
-- `set tcp X.X.X.X:X->X.X.X.X:X: setsockopt: operation not supported`
-
-However, it can be re-enabled by setting the `multipathtcp` variable in the GODEBUG environment variable, see the related [go documentation](https://go.dev/doc/godebug#go-124).

docs/content/observability/access-logs.md

@@ -290,7 +290,7 @@ Example utilizing Docker Compose:
 ```yaml
 services:
   traefik:
-    image: traefik:v3.4
+    image: traefik:v3.5
     environment:
       - TZ=US/Alaska
     command:
@@ -340,6 +340,54 @@ accesslog:
 
     The OpenTelemetry Logger exporter will export access logs to the collector using HTTPS by default to https://localhost:4318/v1/logs, see the [gRPC Section](#grpc-configuration) to use gRPC.
 
+### `serviceName`
+
+_Optional, Default="traefik"_
+
+Defines the service name resource attribute.
+
+```yaml tab="File (YAML)"
+accesslog:
+  otlp:
+    serviceName: name
+```
+
+```toml tab="File (TOML)"
+[accesslog]
+  [accesslog.otlp]
+    serviceName = "name"
+```
+
+```bash tab="CLI"
+--accesslog.otlp.serviceName=name
+```
+
+### `resourceAttributes`
+
+_Optional, Default=empty_
+
+Defines additional resource attributes to be sent to the collector.
+
+```yaml tab="File (YAML)"
+accesslog:
+  otlp:
+    resourceAttributes:
+      attr1: foo
+      attr2: bar
+```
+
+```toml tab="File (TOML)"
+[accesslog]
+  [accesslog.otlp.resourceAttributes]
+    attr1 = "foo"
+    attr2 = "bar"
+```
+
+```bash tab="CLI"
+--accesslog.otlp.resourceAttributes.attr1=foo
+--accesslog.otlp.resourceAttributes.attr2=bar
+```
+
 ### HTTP configuration
 
 _Optional_

docs/content/observability/logs.md

@@ -219,6 +219,54 @@ log:
 
     The OpenTelemetry Logger exporter will export logs to the collector using HTTPS by default to https://localhost:4318/v1/logs, see the [gRPC Section](#grpc-configuration) to use gRPC.
 
+### `serviceName`
+
+_Optional, Default="traefik"_
+
+Defines the service name resource attribute.
+
+```yaml tab="File (YAML)"
+log:
+  otlp:
+    serviceName: name
+```
+
+```toml tab="File (TOML)"
+[log]
+  [log.otlp]
+    serviceName = "name"
+```
+
+```bash tab="CLI"
+--log.otlp.serviceName=name
+```
+
+### `resourceAttributes`
+
+_Optional, Default=empty_
+
+Defines additional resource attributes to be sent to the collector.
+
+```yaml tab="File (YAML)"
+log:
+  otlp:
+    resourceAttributes:
+      attr1: foo
+      attr2: bar
+```
+
+```toml tab="File (TOML)"
+[log]
+  [log.otlp.resourceAttributes]
+    attr1 = "foo"
+    attr2 = "bar"
+```
+
+```bash tab="CLI"
+--log.otlp.resourceAttributes.attr1=foo
+--log.otlp.resourceAttributes.attr2=bar
+```
+
 ### HTTP configuration
 
 _Optional_

docs/content/observability/metrics/opentelemetry.md

@@ -143,7 +143,7 @@ metrics:
 
 _Optional, Default="traefik"_
 
-OTEL service name to use.
+Defines the service name resource attribute.
 
 ```yaml tab="File (YAML)"
 metrics:
@@ -160,6 +160,31 @@ metrics:
 ```bash tab="CLI"
 --metrics.otlp.serviceName=name
 ```
+#### `resourceAttributes`
+
+_Optional, Default=empty_
+
+Defines additional resource attributes to be sent to the collector.
+
+```yaml tab="File (YAML)"
+metrics:
+  otlp:
+    resourceAttributes:
+      attr1: foo
+      attr2: bar
+```
+
+```toml tab="File (TOML)"
+[metrics]
+  [metrics.otlp.resourceAttributes]
+    attr1 = "foo"
+    attr2 = "bar"
+```
+
+```bash tab="CLI"
+--metrics.otlp.resourceAttributes.attr1=foo
+--metrics.otlp.resourceAttributes.attr2=bar
+```
 
 ### HTTP configuration
 

docs/content/operations/api.md

@@ -46,7 +46,7 @@ And then define a routing configuration on Traefik itself with the
 
 --8<-- "content/operations/include-api-examples.md"
 
-??? warning "The router's [rule](../../routing/routers#rule) must catch requests for the URI path `/api`"
+??? warning "The router's [rule](../../routing/routers/#rule) must catch requests for the URI path `/api`"
     Using an "Host" rule is recommended, by catching all the incoming traffic on this host domain to the API.
     However, you can also use "path prefix" rule or any combination or rules.
 
@@ -109,7 +109,7 @@ api:
 --api.dashboard=true
 ```
 
-!!! warning "With Dashboard enabled, the router [rule](../../routing/routers#rule) must catch requests for both `/api` and `/dashboard`"
+!!! warning "With Dashboard enabled, the router [rule](../../routing/routers/#rule) must catch requests for both `/api` and `/dashboard`"
     Please check the [Dashboard documentation](./dashboard.md#dashboard-router-rule) to learn more about this and to get examples.
 
 ### `debug`

docs/content/operations/cli.md

@@ -31,7 +31,7 @@ traefik [--flag=flag_argument] [-f [flag_argument]]
 traefik [--flag[=true|false| ]] [-f [true|false| ]]
 ```
 
-All flags are documented in the [(static configuration) CLI reference](../reference/static-configuration/cli.md).
+All flags are documented in the [(static configuration) CLI reference](../reference/install-configuration/configuration-options.md).
 
 !!! info "Flags are case-insensitive."
 

docs/content/providers/docker.md

@@ -163,7 +163,7 @@ See the [Docker API Access](#docker-api-access) section for more information.
     ```yaml
     services:
       traefik:
-         image: traefik:v3.4 # The official v3 Traefik docker image
+         image: traefik:v3.5 # The official v3 Traefik docker image
          ports:
            - "80:80"
          volumes:

docs/content/providers/file.md

@@ -103,7 +103,7 @@ It supports providing configuration through a [single configuration file](#filen
 
 ## Provider Configuration
 
-For an overview of all the options that can be set with the file provider, see the [dynamic configuration](../reference/dynamic-configuration/file.md) and [static configuration](../reference/static-configuration/overview.md) references.
+For an overview of all the options that can be set with the file provider, see the [routing configuration](../reference/routing-configuration/other-providers/file.md) and [install configuration](../reference/install-configuration/configuration-options.md) references.
 
 !!! warning "Limitations"
 

docs/content/providers/kubernetes-crd.md

@@ -31,10 +31,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
 
     ```bash
     # Install Traefik Resource Definitions:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.5/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
     
     # Install RBAC for Traefik:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.5/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
     ```
 
 ## Resource Configuration

docs/content/providers/kubernetes-gateway.md

@@ -8,11 +8,11 @@ description: "Learn how to use the Kubernetes Gateway API as a provider for conf
 The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/)
 specification from the Kubernetes Special Interest Groups (SIGs).
 
-This provider supports Standard version [v1.2.1](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.2.1) of the Gateway API specification. 
+This provider supports Standard version [v1.3.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.3.0) of the Gateway API specification. 
 
 It fully supports all HTTP core and some extended features, as well as the `TCPRoute` and `TLSRoute` resources from the [Experimental channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels).
 
-For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.2.1/traefik-traefik).
+For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.3.0/traefik-traefik).
 
 ## Requirements
 
@@ -27,14 +27,14 @@ For more details, check out the conformance [report](https://github.com/kubernet
 
     ```bash
     # Install Gateway API CRDs from the Standard channel.
-    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/standard-install.yaml
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/standard-install.yaml
     ```
 
 2. Install the additional Traefik RBAC required for Gateway API.
 
     ```bash
     # Install Traefik RBACs.
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.5/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
     ```
 
 3. Deploy Traefik and enable the `kubernetesGateway` provider in the static configuration as detailed below:
@@ -275,7 +275,7 @@ providers:
 
     ```bash
     # Install Gateway API CRDs from the Experimental channel.
-    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1/experimental-install.yaml
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.3.0/experimental-install.yaml
     ```
 
 ### `labelselector`

docs/content/providers/kubernetes-ingress.md

@@ -529,9 +529,32 @@ providers:
 --providers.kubernetesingress.nativeLBByDefault=true
 ```
 
+### `strictPrefixMatching`
+
+_Optional, Default: false_
+
+Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`.
+
+```yaml tab="File (YAML)"
+providers:
+  kubernetesIngress:
+    strictPrefixMatching: true
+    # ...
+```
+
+```toml tab="File (TOML)"
+[providers.kubernetesIngress]
+  strictPrefixMatching = true
+  # ...
+```
+
+```bash tab="CLI"
+--providers.kubernetesingress.strictPrefixMatching=true
+```
+
 ### Further
 
 To learn more about the various aspects of the Ingress specification that Traefik supports,
-many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.4/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.5/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
 
 {!traefik-for-business-applications.md!}

docs/content/reference/dynamic-configuration/consul-catalog.md

@@ -1,16 +0,0 @@
----
-title: "Traefik Consul Configuration Documentation"
-description: "View the reference for performing dynamic configurations with Traefik Proxy and Consul Catalog. Read the technical documentation."
----
-
-# Consul Catalog Configuration Reference
-
-Dynamic configuration with Consul Catalog
-{: .subtitle }
-
-The labels are case-insensitive.
-
-```yaml
---8<-- "content/reference/dynamic-configuration/consul-catalog.yml"
---8<-- "content/reference/dynamic-configuration/docker-labels.yml"
-```

docs/content/reference/dynamic-configuration/consul-catalog.yml

@@ -1,2 +0,0 @@
-- "traefik.enable=true"
-- "traefik.consulcatalog.connect=true"

docs/content/reference/dynamic-configuration/docker-labels.yml

@@ -169,6 +169,7 @@
 - "traefik.http.routers.router0.middlewares=foobar, foobar"
 - "traefik.http.routers.router0.observability.accesslogs=true"
 - "traefik.http.routers.router0.observability.metrics=true"
+- "traefik.http.routers.router0.observability.traceverbosity=foobar"
 - "traefik.http.routers.router0.observability.tracing=true"
 - "traefik.http.routers.router0.priority=42"
 - "traefik.http.routers.router0.rule=foobar"
@@ -185,6 +186,7 @@
 - "traefik.http.routers.router1.middlewares=foobar, foobar"
 - "traefik.http.routers.router1.observability.accesslogs=true"
 - "traefik.http.routers.router1.observability.metrics=true"
+- "traefik.http.routers.router1.observability.traceverbosity=foobar"
 - "traefik.http.routers.router1.observability.tracing=true"
 - "traefik.http.routers.router1.priority=42"
 - "traefik.http.routers.router1.rule=foobar"
@@ -209,6 +211,7 @@
 - "traefik.http.services.service02.loadbalancer.healthcheck.scheme=foobar"
 - "traefik.http.services.service02.loadbalancer.healthcheck.status=42"
 - "traefik.http.services.service02.loadbalancer.healthcheck.timeout=42s"
+- "traefik.http.services.service02.loadbalancer.healthcheck.unhealthyinterval=42s"
 - "traefik.http.services.service02.loadbalancer.passhostheader=true"
 - "traefik.http.services.service02.loadbalancer.responseforwarding.flushinterval=42s"
 - "traefik.http.services.service02.loadbalancer.serverstransport=foobar"

docs/content/reference/dynamic-configuration/docker.md

@@ -1,17 +0,0 @@
----
-title: "Traefik Docker Configuration Documentation"
-description: "Reference dynamic configuration with Docker labels in Traefik Proxy. Read the technical documentation."
----
-
-# Docker Configuration Reference
-
-Dynamic configuration with Docker Labels
-{: .subtitle }
-
-The labels are case-insensitive.
-
-```yaml
-labels:
-  --8<-- "content/reference/dynamic-configuration/docker.yml"
-  --8<-- "content/reference/dynamic-configuration/docker-labels.yml"
-```

docs/content/reference/dynamic-configuration/docker.yml

@@ -1,2 +0,0 @@
-- "traefik.enable=true"
-- "traefik.docker.network=foobar"

docs/content/reference/dynamic-configuration/ecs.md

@@ -1,16 +0,0 @@
----
-title: "Traefik AWS ECS Configuration Documentation"
-description: "Learn how to do dynamic configuration in Traefik Proxy with AWS ECS. Read the technical documentation."
----
-
-# ECS Configuration Reference
-
-Dynamic configuration with ECS provider
-{: .subtitle }
-
-The labels are case-insensitive.
-
-```yaml
---8<-- "content/reference/dynamic-configuration/ecs.yml"
---8<-- "content/reference/dynamic-configuration/docker-labels.yml"
-```

docs/content/reference/dynamic-configuration/ecs.yml

@@ -1 +0,0 @@
-- "traefik.enable=true"

docs/content/reference/dynamic-configuration/file.md

@@ -1,17 +0,0 @@
----
-title: "Traefik File Dynamic Configuration"
-description: "This guide will provide you with the YAML and TOML files for dynamic configuration in Traefik Proxy. Read the technical documentation."
----
-
-# File Configuration Reference
-
-Dynamic configuration with files
-{: .subtitle }
-
-```yml  tab="YAML"
---8<-- "content/reference/dynamic-configuration/file.yaml"
-```
-
-```toml  tab="TOML"
---8<-- "content/reference/dynamic-configuration/file.toml"
-```

docs/content/reference/dynamic-configuration/file.toml

@@ -22,8 +22,9 @@
           sans = ["foobar", "foobar"]
       [http.routers.Router0.observability]
         accessLogs = true
-        tracing = true
         metrics = true
+        tracing = true
+        traceVerbosity = "foobar"
     [http.routers.Router1]
       entryPoints = ["foobar", "foobar"]
       middlewares = ["foobar", "foobar"]
@@ -44,8 +45,9 @@
           sans = ["foobar", "foobar"]
       [http.routers.Router1.observability]
         accessLogs = true
-        tracing = true
         metrics = true
+        tracing = true
+        traceVerbosity = "foobar"
   [http.services]
     [http.services.Service01]
       [http.services.Service01.failover]
@@ -84,6 +86,7 @@
           status = 42
           port = 42
           interval = "42s"
+          unhealthyInterval = "42s"
           timeout = "42s"
           hostname = "foobar"
           followRedirects = true

docs/content/reference/dynamic-configuration/file.yaml

@@ -27,8 +27,9 @@ http:
               - foobar
       observability:
         accessLogs: true
-        tracing: true
         metrics: true
+        tracing: true
+        traceVerbosity: foobar
     Router1:
       entryPoints:
         - foobar
@@ -54,8 +55,9 @@ http:
               - foobar
       observability:
         accessLogs: true
-        tracing: true
         metrics: true
+        tracing: true
+        traceVerbosity: foobar
   services:
     Service01:
       failover:
@@ -89,6 +91,7 @@ http:
           status: 42
           port: 42
           interval: 42s
+          unhealthyInterval: 42s
           timeout: 42s
           hostname: foobar
           followRedirects: true

docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml

@@ -43,7 +43,7 @@ spec:
                 description: |-
                   EntryPoints defines the list of entry point names to bind to.
                   Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
                   Default: all.
                 items:
                   type: string
@@ -64,12 +64,12 @@ spec:
                     match:
                       description: |-
                         Match defines the router's rule.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#rule
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
                       type: string
                     middlewares:
                       description: |-
                         Middlewares defines the list of references to Middleware resources.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-middleware
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
                       items:
                         description: MiddlewareRef is a reference to a Middleware
                           resource.
@@ -89,19 +89,30 @@ spec:
                     observability:
                       description: |-
                         Observability defines the observability configuration for a router.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#observability
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
                       properties:
                         accessLogs:
+                          description: AccessLogs enables access logs for this router.
                           type: boolean
                         metrics:
+                          description: Metrics enables metrics for this router.
                           type: boolean
+                        traceVerbosity:
+                          default: minimal
+                          description: TraceVerbosity defines the verbosity level
+                            of the tracing for this router.
+                          enum:
+                          - minimal
+                          - detailed
+                          type: string
                         tracing:
+                          description: Tracing enables tracing for this router.
                           type: boolean
                       type: object
                     priority:
                       description: |-
                         Priority defines the router's priority.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#priority
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
                       maximum: 9223372036854775000
                       type: integer
                     services:
@@ -136,7 +147,7 @@ spec:
                                 - type: integer
                                 - type: string
                                 description: |-
-                                  Interval defines the frequency of the health check calls.
+                                  Interval defines the frequency of the health check calls for healthy targets.
                                   Default: 30s
                                 x-kubernetes-int-or-string: true
                               method:
@@ -172,6 +183,15 @@ spec:
                                   Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
                                   Default: 5s
                                 x-kubernetes-int-or-string: true
+                              unhealthyInterval:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: |-
+                                  UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
+                                  When UnhealthyInterval is not defined, it defaults to the Interval value.
+                                  Default: 30s
+                                x-kubernetes-int-or-string: true
                             type: object
                           kind:
                             description: Kind defines the kind of the Service.
@@ -243,7 +263,7 @@ spec:
                           sticky:
                             description: |-
                               Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v3.4/routing/services/#sticky-sessions
+                              More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
                             properties:
                               cookie:
                                 description: Cookie defines the sticky cookie configuration.
@@ -312,7 +332,7 @@ spec:
                     syntax:
                       description: |-
                         Syntax defines the router's rule syntax.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#rulesyntax
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
                         Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
                       type: string
                   required:
@@ -322,18 +342,18 @@ spec:
               tls:
                 description: |-
                   TLS defines the TLS configuration.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#tls
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
                 properties:
                   certResolver:
                     description: |-
                       CertResolver defines the name of the certificate resolver to use.
                       Cert resolvers have to be configured in the static configuration.
-                      More info: https://doc.traefik.io/traefik/v3.4/https/acme/#certificate-resolvers
+                      More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
                     type: string
                   domains:
                     description: |-
                       Domains defines the list of domains that will be used to issue certificates.
-                      More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#domains
+                      More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -352,17 +372,17 @@ spec:
                     description: |-
                       Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                       If not defined, the `default` TLSOption is used.
-                      More info: https://doc.traefik.io/traefik/v3.4/https/tls/#tls-options
+                      More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
                     properties:
                       name:
                         description: |-
                           Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-tlsoption
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
                         type: string
                       namespace:
                         description: |-
                           Namespace defines the namespace of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-tlsoption
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
                         type: string
                     required:
                     - name
@@ -379,12 +399,12 @@ spec:
                       name:
                         description: |-
                           Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-tlsstore
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
                         type: string
                       namespace:
                         description: |-
                           Namespace defines the namespace of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-tlsstore
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
                         type: string
                     required:
                     - name
@@ -444,7 +464,7 @@ spec:
                 description: |-
                   EntryPoints defines the list of entry point names to bind to.
                   Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
                   Default: all.
                 items:
                   type: string
@@ -457,7 +477,7 @@ spec:
                     match:
                       description: |-
                         Match defines the router's rule.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#rule_1
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
                       type: string
                     middlewares:
                       description: Middlewares defines the list of references to MiddlewareTCP
@@ -481,7 +501,7 @@ spec:
                     priority:
                       description: |-
                         Priority defines the router's priority.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#priority_1
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
                       maximum: 9223372036854775000
                       type: integer
                     services:
@@ -523,7 +543,7 @@ spec:
                           proxyProtocol:
                             description: |-
                               ProxyProtocol defines the PROXY protocol configuration.
-                              More info: https://doc.traefik.io/traefik/v3.4/routing/services/#proxy-protocol
+                              More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
                             properties:
                               version:
                                 description: Version defines the PROXY Protocol version
@@ -564,7 +584,7 @@ spec:
                     syntax:
                       description: |-
                         Syntax defines the router's rule syntax.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#rulesyntax_1
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
                         Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
                       enum:
                       - v3
@@ -577,18 +597,18 @@ spec:
               tls:
                 description: |-
                   TLS defines the TLS configuration on a layer 4 / TCP Route.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#tls_1
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
                 properties:
                   certResolver:
                     description: |-
                       CertResolver defines the name of the certificate resolver to use.
                       Cert resolvers have to be configured in the static configuration.
-                      More info: https://doc.traefik.io/traefik/v3.4/https/acme/#certificate-resolvers
+                      More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
                     type: string
                   domains:
                     description: |-
                       Domains defines the list of domains that will be used to issue certificates.
-                      More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#domains
+                      More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -607,7 +627,7 @@ spec:
                     description: |-
                       Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                       If not defined, the `default` TLSOption is used.
-                      More info: https://doc.traefik.io/traefik/v3.4/https/tls/#tls-options
+                      More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
                     properties:
                       name:
                         description: Name defines the name of the referenced Traefik
@@ -699,7 +719,7 @@ spec:
                 description: |-
                   EntryPoints defines the list of entry point names to bind to.
                   Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
                   Default: all.
                 items:
                   type: string
@@ -787,7 +807,7 @@ spec:
       openAPIV3Schema:
         description: |-
           Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/overview/
+          More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
         properties:
           apiVersion:
             description: |-
@@ -813,7 +833,7 @@ spec:
                 description: |-
                   AddPrefix holds the add prefix middleware configuration.
                   This middleware updates the path of a request before forwarding it.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/addprefix/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/addprefix/
                 properties:
                   prefix:
                     description: |-
@@ -828,12 +848,12 @@ spec:
                 description: |-
                   BasicAuth holds the basic auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/basicauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
                 properties:
                   headerField:
                     description: |-
                       HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/basicauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
                     type: string
                   realm:
                     description: |-
@@ -854,7 +874,7 @@ spec:
                 description: |-
                   Buffering holds the buffering middleware configuration.
                   This middleware retries or limits the size of requests that can be forwarded to backends.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/buffering/#maxrequestbodybytes
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/buffering/#maxrequestbodybytes
                 properties:
                   maxRequestBodyBytes:
                     description: |-
@@ -886,14 +906,14 @@ spec:
                     description: |-
                       RetryExpression defines the retry conditions.
                       It is a logical combination of functions with operators AND (&&) and OR (||).
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/buffering/#retryexpression
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/buffering/#retryexpression
                     type: string
                 type: object
               chain:
                 description: |-
                   Chain holds the configuration of the chain middleware.
                   This middleware enables to define reusable combinations of other pieces of middleware.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/chain/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
                 properties:
                   middlewares:
                     description: Middlewares is the list of MiddlewareRef which composes
@@ -956,7 +976,7 @@ spec:
                 description: |-
                   Compress holds the compress middleware configuration.
                   This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/compress/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
                 properties:
                   defaultEncoding:
                     description: DefaultEncoding specifies the default encoding if
@@ -1006,12 +1026,12 @@ spec:
                 description: |-
                   DigestAuth holds the digest auth middleware configuration.
                   This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/digestauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
                 properties:
                   headerField:
                     description: |-
                       HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/basicauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
                     type: string
                   realm:
                     description: |-
@@ -1031,7 +1051,7 @@ spec:
                 description: |-
                   ErrorPage holds the custom error middleware configuration.
                   This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/errorpages/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
                 properties:
                   query:
                     description: |-
@@ -1043,7 +1063,7 @@ spec:
                   service:
                     description: |-
                       Service defines the reference to a Kubernetes Service that will serve the error page.
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/errorpages/#service
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
                     properties:
                       healthCheck:
                         description: Healthcheck defines health checks for ExternalName
@@ -1069,7 +1089,7 @@ spec:
                             - type: integer
                             - type: string
                             description: |-
-                              Interval defines the frequency of the health check calls.
+                              Interval defines the frequency of the health check calls for healthy targets.
                               Default: 30s
                             x-kubernetes-int-or-string: true
                           method:
@@ -1105,6 +1125,15 @@ spec:
                               Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
                               Default: 5s
                             x-kubernetes-int-or-string: true
+                          unhealthyInterval:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: |-
+                              UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
+                              When UnhealthyInterval is not defined, it defaults to the Interval value.
+                              Default: 30s
+                            x-kubernetes-int-or-string: true
                         type: object
                       kind:
                         description: Kind defines the kind of the Service.
@@ -1176,7 +1205,7 @@ spec:
                       sticky:
                         description: |-
                           Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/services/#sticky-sessions
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
                         properties:
                           cookie:
                             description: Cookie defines the sticky cookie configuration.
@@ -1263,7 +1292,7 @@ spec:
                 description: |-
                   ForwardAuth holds the forward auth middleware configuration.
                   This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/forwardauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
                 properties:
                   addAuthCookiesToResponse:
                     description: AddAuthCookiesToResponse defines the list of cookies
@@ -1291,7 +1320,7 @@ spec:
                   authResponseHeadersRegex:
                     description: |-
                       AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/forwardauth/#authresponseheadersregex
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
                     type: string
                   forwardBody:
                     description: ForwardBody defines whether to send the request body
@@ -1300,7 +1329,7 @@ spec:
                   headerField:
                     description: |-
                       HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/forwardauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
                     type: string
                   maxBodySize:
                     description: MaxBodySize defines the maximum body size in bytes
@@ -1362,7 +1391,7 @@ spec:
                 description: |-
                   Headers holds the headers middleware configuration.
                   This middleware manages the requests and responses headers.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/headers/#customrequestheaders
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/headers/#customrequestheaders
                 properties:
                   accessControlAllowCredentials:
                     description: AccessControlAllowCredentials defines whether the
@@ -1534,7 +1563,7 @@ spec:
                 description: |-
                   InFlightReq holds the in-flight request middleware configuration.
                   This middleware limits the number of requests being processed and served concurrently.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/inflightreq/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/inflightreq/
                 properties:
                   amount:
                     description: |-
@@ -1548,12 +1577,12 @@ spec:
                       SourceCriterion defines what criterion is used to group requests as originating from a common source.
                       If several strategies are defined at the same time, an error will be raised.
                       If none are set, the default is to use the requestHost.
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/inflightreq/#sourcecriterion
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/inflightreq/#sourcecriterion
                     properties:
                       ipStrategy:
                         description: |-
                           IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
-                          More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/ipallowlist/#ipstrategy
+                          More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ipallowlist/#ipstrategy
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -1589,12 +1618,12 @@ spec:
                 description: |-
                   IPAllowList holds the IP allowlist middleware configuration.
                   This middleware limits allowed requests based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/ipallowlist/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ipallowlist/
                 properties:
                   ipStrategy:
                     description: |-
                       IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/ipallowlist/#ipstrategy
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ipallowlist/#ipstrategy
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -1632,7 +1661,7 @@ spec:
                   ipStrategy:
                     description: |-
                       IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
-                      More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/ipallowlist/#ipstrategy
+                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ipallowlist/#ipstrategy
                     properties:
                       depth:
                         description: Depth tells Traefik to use the X-Forwarded-For
@@ -1663,7 +1692,7 @@ spec:
                 description: |-
                   PassTLSClientCert holds the pass TLS client cert middleware configuration.
                   This middleware adds the selected data from the passed client TLS certificate to a header.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/passtlsclientcert/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/passtlsclientcert/
                 properties:
                   info:
                     description: Info selects the specific client certificate details
@@ -1772,7 +1801,7 @@ spec:
                 description: |-
                   RateLimit holds the rate limit configuration.
                   This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/ratelimit/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
                 properties:
                   average:
                     description: |-
@@ -1891,7 +1920,7 @@ spec:
                       ipStrategy:
                         description: |-
                           IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
-                          More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/ipallowlist/#ipstrategy
+                          More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ipallowlist/#ipstrategy
                         properties:
                           depth:
                             description: Depth tells Traefik to use the X-Forwarded-For
@@ -1927,7 +1956,7 @@ spec:
                 description: |-
                   RedirectRegex holds the redirect regex middleware configuration.
                   This middleware redirects a request using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/redirectregex/#regex
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/redirectregex/#regex
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -1946,7 +1975,7 @@ spec:
                 description: |-
                   RedirectScheme holds the redirect scheme middleware configuration.
                   This middleware redirects requests from a scheme/port to another.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/redirectscheme/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/redirectscheme/
                 properties:
                   permanent:
                     description: Permanent defines whether the redirection is permanent
@@ -1963,7 +1992,7 @@ spec:
                 description: |-
                   ReplacePath holds the replace path middleware configuration.
                   This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/replacepath/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/replacepath/
                 properties:
                   path:
                     description: Path defines the path to use as replacement in the
@@ -1974,7 +2003,7 @@ spec:
                 description: |-
                   ReplacePathRegex holds the replace path regex middleware configuration.
                   This middleware replaces the path of a URL using regex matching and replacement.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/replacepathregex/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/replacepathregex/
                 properties:
                   regex:
                     description: Regex defines the regular expression used to match
@@ -1990,7 +2019,7 @@ spec:
                   Retry holds the retry middleware configuration.
                   This middleware reissues requests a given number of times to a backend server if that server does not reply.
                   As soon as the server answers, the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/retry/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
                 properties:
                   attempts:
                     description: Attempts defines how many times the request should
@@ -2014,7 +2043,7 @@ spec:
                 description: |-
                   StripPrefix holds the strip prefix middleware configuration.
                   This middleware removes the specified prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/stripprefix/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/stripprefix/
                 properties:
                   forceSlash:
                     description: |-
@@ -2033,7 +2062,7 @@ spec:
                 description: |-
                   StripPrefixRegex holds the strip prefix regex middleware configuration.
                   This middleware removes the matching prefixes from the URL path.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/http/stripprefixregex/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/stripprefixregex/
                 properties:
                   regex:
                     description: Regex defines the regular expression to match the
@@ -2070,7 +2099,7 @@ spec:
       openAPIV3Schema:
         description: |-
           MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v3.4/middlewares/overview/
+          More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
         properties:
           apiVersion:
             description: |-
@@ -2107,7 +2136,7 @@ spec:
                 description: |-
                   IPAllowList defines the IPAllowList middleware configuration.
                   This middleware accepts/refuses connections based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/tcp/ipallowlist/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
                 properties:
                   sourceRange:
                     description: SourceRange defines the allowed IPs (or ranges of
@@ -2121,7 +2150,7 @@ spec:
                   IPWhiteList defines the IPWhiteList middleware configuration.
                   This middleware accepts/refuses connections based on the client IP.
                   Deprecated: please use IPAllowList instead.
-                  More info: https://doc.traefik.io/traefik/v3.4/middlewares/tcp/ipwhitelist/
+                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
                 properties:
                   sourceRange:
                     description: SourceRange defines the allowed IPs (or ranges of
@@ -2160,7 +2189,7 @@ spec:
           ServersTransport is the CRD implementation of a ServersTransport.
           If no serversTransport is specified, the default@internal will be used.
           The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v3.4/routing/services/#serverstransport_1
+          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
         properties:
           apiVersion:
             description: |-
@@ -2329,7 +2358,7 @@ spec:
           ServersTransportTCP is the CRD implementation of a TCPServersTransport.
           If no tcpServersTransport is specified, a default one named default@internal will be used.
           The default@internal tcpServersTransport can be configured in the static configuration.
-          More info: https://doc.traefik.io/traefik/v3.4/routing/services/#serverstransport_3
+          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
         properties:
           apiVersion:
             description: |-
@@ -2474,7 +2503,7 @@ spec:
       openAPIV3Schema:
         description: |-
           TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
-          More info: https://doc.traefik.io/traefik/v3.4/https/tls/#tls-options
+          More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
         properties:
           apiVersion:
             description: |-
@@ -2499,14 +2528,14 @@ spec:
               alpnProtocols:
                 description: |-
                   ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
-                  More info: https://doc.traefik.io/traefik/v3.4/https/tls/#alpn-protocols
+                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
                 items:
                   type: string
                 type: array
               cipherSuites:
                 description: |-
                   CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
-                  More info: https://doc.traefik.io/traefik/v3.4/https/tls/#cipher-suites
+                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
                 items:
                   type: string
                 type: array
@@ -2534,7 +2563,7 @@ spec:
               curvePreferences:
                 description: |-
                   CurvePreferences defines the preferred elliptic curves.
-                  More info: https://doc.traefik.io/traefik/v3.4/https/tls/#curve-preferences
+                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
                 items:
                   type: string
                 type: array
@@ -2594,7 +2623,7 @@ spec:
           TLSStore is the CRD implementation of a Traefik TLS Store.
           For the time being, only the TLSStore named default is supported.
           This means that you cannot have two stores that are named default in different Kubernetes namespaces.
-          More info: https://doc.traefik.io/traefik/v3.4/https/tls/#certificates-stores
+          More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
         properties:
           apiVersion:
             description: |-
@@ -2692,7 +2721,7 @@ spec:
           TraefikService object allows to:
           - Apply weight to Services on load-balancing
           - Mirror traffic on services
-          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-traefikservice
+          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
         properties:
           apiVersion:
             description: |-
@@ -2741,7 +2770,7 @@ spec:
                         - type: integer
                         - type: string
                         description: |-
-                          Interval defines the frequency of the health check calls.
+                          Interval defines the frequency of the health check calls for healthy targets.
                           Default: 30s
                         x-kubernetes-int-or-string: true
                       method:
@@ -2777,6 +2806,15 @@ spec:
                           Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
                           Default: 5s
                         x-kubernetes-int-or-string: true
+                      unhealthyInterval:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: |-
+                          UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
+                          When UnhealthyInterval is not defined, it defaults to the Interval value.
+                          Default: 30s
+                        x-kubernetes-int-or-string: true
                     type: object
                   kind:
                     description: Kind defines the kind of the Service.
@@ -2826,7 +2864,7 @@ spec:
                               - type: integer
                               - type: string
                               description: |-
-                                Interval defines the frequency of the health check calls.
+                                Interval defines the frequency of the health check calls for healthy targets.
                                 Default: 30s
                               x-kubernetes-int-or-string: true
                             method:
@@ -2862,6 +2900,15 @@ spec:
                                 Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
                                 Default: 5s
                               x-kubernetes-int-or-string: true
+                            unhealthyInterval:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              description: |-
+                                UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
+                                When UnhealthyInterval is not defined, it defaults to the Interval value.
+                                Default: 30s
+                              x-kubernetes-int-or-string: true
                           type: object
                         kind:
                           description: Kind defines the kind of the Service.
@@ -2938,7 +2985,7 @@ spec:
                         sticky:
                           description: |-
                             Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v3.4/routing/services/#sticky-sessions
+                            More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -3066,7 +3113,7 @@ spec:
                   sticky:
                     description: |-
                       Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v3.4/routing/services/#sticky-sessions
+                      More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.
@@ -3163,7 +3210,7 @@ spec:
                               - type: integer
                               - type: string
                               description: |-
-                                Interval defines the frequency of the health check calls.
+                                Interval defines the frequency of the health check calls for healthy targets.
                                 Default: 30s
                               x-kubernetes-int-or-string: true
                             method:
@@ -3199,6 +3246,15 @@ spec:
                                 Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
                                 Default: 5s
                               x-kubernetes-int-or-string: true
+                            unhealthyInterval:
+                              anyOf:
+                              - type: integer
+                              - type: string
+                              description: |-
+                                UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
+                                When UnhealthyInterval is not defined, it defaults to the Interval value.
+                                Default: 30s
+                              x-kubernetes-int-or-string: true
                           type: object
                         kind:
                           description: Kind defines the kind of the Service.
@@ -3270,7 +3326,7 @@ spec:
                         sticky:
                           description: |-
                             Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v3.4/routing/services/#sticky-sessions
+                            More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
                           properties:
                             cookie:
                               description: Cookie defines the sticky cookie configuration.
@@ -3338,7 +3394,7 @@ spec:
                   sticky:
                     description: |-
                       Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
+                      More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
                     properties:
                       cookie:
                         description: Cookie defines the sticky cookie configuration.

docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml

@@ -15,6 +15,14 @@ rules:
       - get
       - list
       - watch
+  # The pods right is needed to inject k8s.pod.uid and k8s.pod.name OTel attributes.
+  # When OTel tracing/logs/metrics are not enabled, this rule is not needed.
+  - apiGroups:
+      - ""
+    resources:
+       - pods
+    verbs:
+        - get
   - apiGroups:
       - discovery.k8s.io
     resources:

docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml

@@ -11,6 +11,14 @@ rules:
     verbs:
       - list
       - watch
+  # The pods get right is needed to inject k8s.pod.uid and k8s.pod.name in OTel attributes.
+  # When OTel tracing/logs/metrics are not enabled, this rule is not needed.
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
   - apiGroups:
       - ""
     resources:

docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml

@@ -25,7 +25,7 @@ spec:
       serviceAccountName: traefik-controller
       containers:
         - name: traefik
-          image: traefik:v3.4
+          image: traefik:v3.5
           args:
             - --entryPoints.web.address=:80
             - --entryPoints.websecure.address=:443

docs/content/reference/dynamic-configuration/kv-ref.md

@@ -199,6 +199,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/http/routers/Router0/middlewares/1` | `foobar` |
 | `traefik/http/routers/Router0/observability/accessLogs` | `true` |
 | `traefik/http/routers/Router0/observability/metrics` | `true` |
+| `traefik/http/routers/Router0/observability/traceVerbosity` | `foobar` |
 | `traefik/http/routers/Router0/observability/tracing` | `true` |
 | `traefik/http/routers/Router0/priority` | `42` |
 | `traefik/http/routers/Router0/rule` | `foobar` |
@@ -218,6 +219,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/http/routers/Router1/middlewares/1` | `foobar` |
 | `traefik/http/routers/Router1/observability/accessLogs` | `true` |
 | `traefik/http/routers/Router1/observability/metrics` | `true` |
+| `traefik/http/routers/Router1/observability/traceVerbosity` | `foobar` |
 | `traefik/http/routers/Router1/observability/tracing` | `true` |
 | `traefik/http/routers/Router1/priority` | `42` |
 | `traefik/http/routers/Router1/rule` | `foobar` |
@@ -284,6 +286,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/http/services/Service02/loadBalancer/healthCheck/scheme` | `foobar` |
 | `traefik/http/services/Service02/loadBalancer/healthCheck/status` | `42` |
 | `traefik/http/services/Service02/loadBalancer/healthCheck/timeout` | `42s` |
+| `traefik/http/services/Service02/loadBalancer/healthCheck/unhealthyInterval` | `42s` |
 | `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` |
 | `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `42s` |
 | `traefik/http/services/Service02/loadBalancer/servers/0/preservePath` | `true` |

docs/content/reference/dynamic-configuration/kv.md

@@ -1,11 +0,0 @@
----
-title: "Traefik Dynamic Configuration with KV stores"
-description: "Read the technical documentation to learn the Traefik Dynamic Configuration with KV stores."
----
-
-# KV Configuration Reference
-
-Dynamic configuration with KV stores.
-{: .subtitle }
-
---8<-- "content/reference/dynamic-configuration/kv-ref.md"

docs/content/reference/dynamic-configuration/nomad.md

@@ -1,16 +0,0 @@
----
-title: "Traefik Nomad Service Discovery Configuration Documentation"
-description: "View the reference for performing dynamic configurations with Traefik Proxy and Nomad Service Discovery. Read the technical documentation."
----
-
-# Nomad Service Discovery Configuration Reference
-
-Dynamic configuration with Nomad Service Discovery
-{: .subtitle }
-
-The labels are case-insensitive.
-
-```yaml
---8<-- "content/reference/dynamic-configuration/nomad.yml"
---8<-- "content/reference/dynamic-configuration/docker-labels.yml"
-```

docs/content/reference/dynamic-configuration/nomad.yml

@@ -1 +0,0 @@
-- "traefik.enable=true"

docs/content/reference/dynamic-configuration/swarm.md

@@ -1,17 +0,0 @@
----
-title: "Traefik Docker Swarm Configuration Documentation"
-description: "Reference dynamic configuration with Docker Swarm labels in Traefik Proxy. Read the technical documentation."
----
-
-# Docker Swarm Configuration Reference
-
-Dynamic configuration with Docker Labels
-{: .subtitle }
-
-The labels are case-insensitive.
-
-```yaml
-labels:
-  --8<-- "content/reference/dynamic-configuration/swarm.yml"
-  --8<-- "content/reference/dynamic-configuration/docker-labels.yml"
-```

docs/content/reference/dynamic-configuration/swarm.yml

@@ -1,3 +0,0 @@
-- "traefik.enable=true"
-- "traefik.swarm.network=foobar"
-- "traefik.swarm.lbswarm=true"

docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml

@@ -43,7 +43,7 @@ spec:
                 description: |-
                   EntryPoints defines the list of entry point names to bind to.
                   Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
                   Default: all.
                 items:
                   type: string
@@ -64,12 +64,12 @@ spec:
                     match:
                       description: |-
                         Match defines the router's rule.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#rule
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
                       type: string
                     middlewares:
                       description: |-
                         Middlewares defines the list of references to Middleware resources.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-middleware
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
                       items:
                         description: MiddlewareRef is a reference to a Middleware
                           resource.
@@ -89,19 +89,30 @@ spec:
                     observability:
                       description: |-
                         Observability defines the observability configuration for a router.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#observability
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
                       properties:
                         accessLogs:
+                          description: AccessLogs enables access logs for this router.
                           type: boolean
                         metrics:
+                          description: Metrics enables metrics for this router.
                           type: boolean
+                        traceVerbosity:
+                          default: minimal
+                          description: TraceVerbosity defines the verbosity level
+                            of the tracing for this router.
+                          enum:
+                          - minimal
+                          - detailed
+                          type: string
                         tracing:
+                          description: Tracing enables tracing for this router.
                           type: boolean
                       type: object
                     priority:
                       description: |-
                         Priority defines the router's priority.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#priority
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
                       maximum: 9223372036854775000
                       type: integer
                     services:
@@ -136,7 +147,7 @@ spec:
                                 - type: integer
                                 - type: string
                                 description: |-
-                                  Interval defines the frequency of the health check calls.
+                                  Interval defines the frequency of the health check calls for healthy targets.
                                   Default: 30s
                                 x-kubernetes-int-or-string: true
                               method:
@@ -172,6 +183,15 @@ spec:
                                   Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
                                   Default: 5s
                                 x-kubernetes-int-or-string: true
+                              unhealthyInterval:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                description: |-
+                                  UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
+                                  When UnhealthyInterval is not defined, it defaults to the Interval value.
+                                  Default: 30s
+                                x-kubernetes-int-or-string: true
                             type: object
                           kind:
                             description: Kind defines the kind of the Service.
@@ -243,7 +263,7 @@ spec:
                           sticky:
                             description: |-
                               Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v3.4/routing/services/#sticky-sessions
+                              More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
                             properties:
                               cookie:
                                 description: Cookie defines the sticky cookie configuration.
@@ -312,7 +332,7 @@ spec:
                     syntax:
                       description: |-
                         Syntax defines the router's rule syntax.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#rulesyntax
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
                         Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
                       type: string
                   required:
@@ -322,18 +342,18 @@ spec:
               tls:
                 description: |-
                   TLS defines the TLS configuration.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#tls
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
                 properties:
                   certResolver:
                     description: |-
                       CertResolver defines the name of the certificate resolver to use.
                       Cert resolvers have to be configured in the static configuration.
-                      More info: https://doc.traefik.io/traefik/v3.4/https/acme/#certificate-resolvers
+                      More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
                     type: string
                   domains:
                     description: |-
                       Domains defines the list of domains that will be used to issue certificates.
-                      More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#domains
+                      More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -352,17 +372,17 @@ spec:
                     description: |-
                       Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                       If not defined, the `default` TLSOption is used.
-                      More info: https://doc.traefik.io/traefik/v3.4/https/tls/#tls-options
+                      More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
                     properties:
                       name:
                         description: |-
                           Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-tlsoption
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
                         type: string
                       namespace:
                         description: |-
                           Namespace defines the namespace of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-tlsoption
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
                         type: string
                     required:
                     - name
@@ -379,12 +399,12 @@ spec:
                       name:
                         description: |-
                           Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-tlsstore
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
                         type: string
                       namespace:
                         description: |-
                           Namespace defines the namespace of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v3.4/routing/providers/kubernetes-crd/#kind-tlsstore
+                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
                         type: string
                     required:
                     - name

docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml

@@ -43,7 +43,7 @@ spec:
                 description: |-
                   EntryPoints defines the list of entry point names to bind to.
                   Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
                   Default: all.
                 items:
                   type: string
@@ -56,7 +56,7 @@ spec:
                     match:
                       description: |-
                         Match defines the router's rule.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#rule_1
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
                       type: string
                     middlewares:
                       description: Middlewares defines the list of references to MiddlewareTCP
@@ -80,7 +80,7 @@ spec:
                     priority:
                       description: |-
                         Priority defines the router's priority.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#priority_1
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
                       maximum: 9223372036854775000
                       type: integer
                     services:
@@ -122,7 +122,7 @@ spec:
                           proxyProtocol:
                             description: |-
                               ProxyProtocol defines the PROXY protocol configuration.
-                              More info: https://doc.traefik.io/traefik/v3.4/routing/services/#proxy-protocol
+                              More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
                             properties:
                               version:
                                 description: Version defines the PROXY Protocol version
@@ -163,7 +163,7 @@ spec:
                     syntax:
                       description: |-
                         Syntax defines the router's rule syntax.
-                        More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#rulesyntax_1
+                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
                         Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
                       enum:
                       - v3
@@ -176,18 +176,18 @@ spec:
               tls:
                 description: |-
                   TLS defines the TLS configuration on a layer 4 / TCP Route.
-                  More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#tls_1
+                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
                 properties:
                   certResolver:
                     description: |-
                       CertResolver defines the name of the certificate resolver to use.
                       Cert resolvers have to be configured in the static configuration.
-                      More info: https://doc.traefik.io/traefik/v3.4/https/acme/#certificate-resolvers
+                      More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
                     type: string
                   domains:
                     description: |-
                       Domains defines the list of domains that will be used to issue certificates.
-                      More info: https://doc.traefik.io/traefik/v3.4/routing/routers/#domains
+                      More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
                     items:
                       description: Domain holds a domain name with SANs.
                       properties:
@@ -206,7 +206,7 @@ spec:
                     description: |-
                       Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                       If not defined, the `default` TLSOption is used.
-                      More info: https://doc.traefik.io/traefik/v3.4/https/tls/#tls-options
+                      More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
                     properties:
                       name:
                         description: Name defines the name of the referenced Traefik