Bump sigs.k8s.io/gateway-api to v1.5.1

docs/content/migrate/v3.md

@@ -653,6 +653,26 @@ Therefore, in the corresponding RBACs (see [KubernetesIngressNGINX](../reference
   ...
 ```
 
+### Kubernetes Gateway API Provider
+
+Starting with `v3.7.0`, the Kubernetes Gateway API provider supports version [v1.5.1](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.5.1) of the specification,
+which requires the Gateway API CRDs to be updated.
+
+`TLSRoute` has graduated to the Standard channel and no longer requires the `experimentalChannel` option.
+The `experimentalChannel` option is now only needed for `TCPRoute`.
+
+**Apply Updated CRDs:**
+
+```shell
+kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.5.1/standard-install.yaml
+```
+
+For the experimental channel:
+
+```shell
+kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.5.1/experimental-install.yaml
+```
+
 ### Kubernetes CRD Provider
 
 To use the new options of the `retry` middleware with the Kubernetes CRD provider, you need to update your CRDs.

docs/content/providers/kubernetes-gateway.md

@@ -8,11 +8,11 @@ description: "Learn how to use the Kubernetes Gateway API as a provider for conf
 The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/)
 specification from the Kubernetes Special Interest Groups (SIGs).
 
-This provider supports Standard version [v1.4.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.4.0) of the Gateway API specification. 
+This provider supports Standard version [v1.5.1](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.5.1) of the Gateway API specification.
 
-It fully supports all HTTP core and some extended features, as well as the `TCPRoute` and `TLSRoute` resources from the [Experimental channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels).
+It fully supports all HTTP core and some extended features, as well as `TLSRoute` (Standard channel) and `TCPRoute` (Experimental channel via the [`experimentalChannel`](#experimentalchannel) option).
 
-For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.4.0/traefik-traefik).
+For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.5.1/traefik-traefik).
 
 ## Requirements
 
@@ -27,7 +27,7 @@ For more details, check out the conformance [report](https://github.com/kubernet
 
     ```bash
     # Install Gateway API CRDs from the Standard channel.
-    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/standard-install.yaml
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.5.1/standard-install.yaml
     ```
 
 2. Install the additional Traefik RBAC required for Gateway API.
@@ -251,7 +251,7 @@ providers:
 _Optional, Default: false_
 
 Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).
-This option currently enables support for `TCPRoute` and `TLSRoute`.
+This option currently enables support for `TCPRoute`.
 
 ```yaml tab="File (YAML)"
 providers:
@@ -275,7 +275,7 @@ providers:
 
     ```bash
     # Install Gateway API CRDs from the Experimental channel.
-    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/experimental-install.yaml
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.5.1/experimental-install.yaml
     ```
 
 ### `labelselector`

docs/content/reference/install-configuration/providers/kubernetes/kubernetes-gateway.md

@@ -8,11 +8,11 @@ description: "Learn how to use the Kubernetes Gateway API as a provider for conf
 The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/)
 specification from the Kubernetes Special Interest Groups (SIGs).
 
-This provider supports Standard version [v1.4.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.4.0) of the Gateway API specification.
+This provider supports Standard version [v1.5.1](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.5.1) of the Gateway API specification.
 
-It fully supports all `HTTPRoute` core and some extended features, like `BackendTLSPolicy`, and `GRPCRoute` resources from the [Standard channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels), as well as `TCPRoute`, and `TLSRoute` resources from the [Experimental channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels). 
+It fully supports all `HTTPRoute` core and some extended features, like `BackendTLSPolicy`, `GRPCRoute`, and `TLSRoute` resources from the [Standard channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels), as well as `TCPRoute` from the [Experimental channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels).
 
-For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.4.0/traefik-traefik).
+For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.5.1/traefik-traefik).
 
 !!! info "Using The Helm Chart"
 
@@ -27,7 +27,7 @@ For more details, check out the conformance [report](https://github.com/kubernet
 
     ```bash
     # Install Gateway API CRDs from the Standard channel.
-    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.0/standard-install.yaml
+    kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.5.1/standard-install.yaml
     ```
 
 2. Install/update the Traefik [RBAC](../../../dynamic-configuration/kubernetes-gateway-rbac.yml).
@@ -71,7 +71,7 @@ providers:
 |:----------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
 | <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.**                  | 2s      | No       |
 | <a id="opt-providers-kubernetesGateway-endpoint" href="#opt-providers-kubernetesGateway-endpoint" title="#opt-providers-kubernetesGateway-endpoint">`providers.kubernetesGateway.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint).                                                                                                                                                                                                                                                                                                                                         | ""      | No       |
-| <a id="opt-providers-kubernetesGateway-experimentalChannel" href="#opt-providers-kubernetesGateway-experimentalChannel" title="#opt-providers-kubernetesGateway-experimentalChannel">`providers.kubernetesGateway.experimentalChannel`</a> | Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).<br />(ex: `TCPRoute` and `TLSRoute`)                                                                                                                                                                                    | false   | No       |
+| <a id="opt-providers-kubernetesGateway-experimentalChannel" href="#opt-providers-kubernetesGateway-experimentalChannel" title="#opt-providers-kubernetesGateway-experimentalChannel">`providers.kubernetesGateway.experimentalChannel`</a> | Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).<br />(ex: `TCPRoute`)                                                                                                                                                                                    | false   | No       |
 | <a id="opt-providers-kubernetesGateway-token" href="#opt-providers-kubernetesGateway-token" title="#opt-providers-kubernetesGateway-token">`providers.kubernetesGateway.token`</a> | Bearer token used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                                                            | ""      | No       |
 | <a id="opt-providers-kubernetesGateway-certAuthFilePath" href="#opt-providers-kubernetesGateway-certAuthFilePath" title="#opt-providers-kubernetesGateway-certAuthFilePath">`providers.kubernetesGateway.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                            | ""      | No       |
 | <a id="opt-providers-kubernetesGateway-namespaces" href="#opt-providers-kubernetesGateway-namespaces" title="#opt-providers-kubernetesGateway-namespaces">`providers.kubernetesGateway.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces.                                                                                                                                                                                                                                                                                                                               | []      | No       |

docs/content/reference/routing-configuration/kubernetes/gateway-api.md

@@ -8,11 +8,11 @@ description: "The Kubernetes Gateway API can be used as a provider for routing a
 When using the Kubernetes Gateway API provider, Traefik leverages the Gateway API Custom Resource Definitions (CRDs) to obtain its routing configuration. 
 For detailed information on the Gateway API concepts and resources, refer to the official [documentation](https://gateway-api.sigs.k8s.io/).
 
-The Kubernetes Gateway API provider supports version [v1.4.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.4.0) of the specification.
+The Kubernetes Gateway API provider supports version [v1.5.1](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.5.1) of the specification.
 
-It fully supports all `HTTPRoute` core and some extended features, like `BackendTLSPolicy`, and `GRPCRoute` resources from the [Standard channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels), as well as `TCPRoute`, and `TLSRoute` resources from the [Experimental channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels). 
+It fully supports all `HTTPRoute` core and some extended features, like `BackendTLSPolicy`, `GRPCRoute`, and `TLSRoute` resources from the [Standard channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels), as well as `TCPRoute` from the [Experimental channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels).
 
-For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.4.0/traefik-traefik).
+For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.5.1/traefik-traefik).
 
 
 ## Deploying a Gateway

docs/content/routing/providers/kubernetes-gateway.md

@@ -8,11 +8,11 @@ description: "The Kubernetes Gateway API can be used as a provider for routing a
 When using the Kubernetes Gateway API provider, Traefik leverages the Gateway API Custom Resource Definitions (CRDs) to obtain its routing configuration. 
 For detailed information on the Gateway API concepts and resources, refer to the official [documentation](https://gateway-api.sigs.k8s.io/).
 
-The Kubernetes Gateway API provider supports version [v1.4.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.4.0) of the specification.
+The Kubernetes Gateway API provider supports version [v1.5.1](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.5.1) of the specification.
 
-It fully supports all `HTTPRoute` core and some extended features, like `GRPCRoute`, as well as the `TCPRoute` and `TLSRoute` resources from the [Experimental channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels). 
+It fully supports all `HTTPRoute` core and some extended features, like `GRPCRoute` and `TLSRoute` (Standard channel), as well as `TCPRoute` from the [Experimental channel](https://gateway-api.sigs.k8s.io/concepts/versioning/?h=#release-channels).
 
-For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.4.0/traefik-traefik).
+For more details, check out the conformance [report](https://github.com/kubernetes-sigs/gateway-api/tree/main/conformance/reports/v1.5.1/traefik-traefik).
 
 ## Deploying a Gateway
 

go.mod

@@ -108,17 +108,18 @@ require (
 	google.golang.org/grpc v1.79.1
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.34.3
-	k8s.io/apiextensions-apiserver v0.34.3
-	k8s.io/apimachinery v0.34.3
-	k8s.io/client-go v0.34.3
-	k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // No tag on the repo.
+	k8s.io/api v0.35.2
+	k8s.io/apiextensions-apiserver v0.35.2
+	k8s.io/apimachinery v0.35.2
+	k8s.io/client-go v0.35.2
+	k8s.io/utils v0.0.0-20260108192941-914a6e750570 // No tag on the repo.
 	knative.dev/networking v0.0.0-20251217020127-11890a5dabea
 	knative.dev/pkg v0.0.0-20251216153728-9c8140b780d1
 	mvdan.cc/xurls/v2 v2.5.0
-	sigs.k8s.io/controller-runtime v0.22.1
-	sigs.k8s.io/gateway-api v1.4.0
-	sigs.k8s.io/structured-merge-diff/v6 v6.3.1
+	sigs.k8s.io/controller-runtime v0.23.3
+	sigs.k8s.io/gateway-api v1.5.1
+	sigs.k8s.io/gateway-api/conformance v1.5.1
+	sigs.k8s.io/structured-merge-diff/v6 v6.3.2
 	sigs.k8s.io/yaml v1.6.0
 )
 
@@ -148,7 +149,7 @@ require (
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.3.1 // indirect
+	github.com/Masterminds/semver/v3 v3.4.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/VividCortex/gohistogram v1.0.0 // indirect
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v11 v11.1.0 // indirect
@@ -236,7 +237,6 @@ require (
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-querystring v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.11 // indirect
@@ -278,7 +278,7 @@ require (
 	github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f // indirect
 	github.com/mailgun/multibuf v0.1.2 // indirect
 	github.com/mailgun/timetools v0.0.0-20141028012446-7e6055773c51 // indirect
-	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/mailru/easyjson v0.9.1 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mimuret/golang-iij-dpf v0.9.1 // indirect
@@ -369,9 +369,9 @@ require (
 	github.com/yandex-cloud/go-sdk/v2 v2.56.0 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.etcd.io/etcd/api/v3 v3.6.4 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect
-	go.etcd.io/etcd/client/v3 v3.6.4 // indirect
+	go.etcd.io/etcd/api/v3 v3.6.5 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.6.5 // indirect
+	go.etcd.io/etcd/client/v3 v3.6.5 // indirect
 	go.mongodb.org/mongo-driver v1.13.1 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/collector/featuregate v1.41.0 // indirect
@@ -402,7 +402,7 @@ require (
 	gopkg.in/ns1/ns1-go.v2 v2.17.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect
+	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
 	nhooyr.io/websocket v1.8.7 // indirect
 	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect

go.sum

@@ -105,8 +105,8 @@ github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
-github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
@@ -605,8 +605,8 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
+github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc=
+github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
@@ -854,8 +854,8 @@ github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f h1:ZZYhg16XocqSKPGN
 github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f/go.mod h1:8heskWJ5c0v5J9WH89ADhyal1DOZcayll8fSbhB+/9A=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
-github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8=
+github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
@@ -1012,16 +1012,16 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
-github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
+github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc=
+github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
-github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
-github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28=
+github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
@@ -1340,15 +1340,15 @@ github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
-go.etcd.io/etcd/api/v3 v3.6.4 h1:7F6N7toCKcV72QmoUKa23yYLiiljMrT4xCeBL9BmXdo=
-go.etcd.io/etcd/api/v3 v3.6.4/go.mod h1:eFhhvfR8Px1P6SEuLT600v+vrhdDTdcfMzmnxVXXSbk=
+go.etcd.io/etcd/api/v3 v3.6.5 h1:pMMc42276sgR1j1raO/Qv3QI9Af/AuyQUW6CBAWuntA=
+go.etcd.io/etcd/api/v3 v3.6.5/go.mod h1:ob0/oWA/UQQlT1BmaEkWQzI0sJ1M0Et0mMpaABxguOQ=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
-go.etcd.io/etcd/client/pkg/v3 v3.6.4 h1:9HBYrjppeOfFjBjaMTRxT3R7xT0GLK8EJMVC4xg6ok0=
-go.etcd.io/etcd/client/pkg/v3 v3.6.4/go.mod h1:sbdzr2cl3HzVmxNw//PH7aLGVtY4QySjQFuaCgcRFAI=
+go.etcd.io/etcd/client/pkg/v3 v3.6.5 h1:Duz9fAzIZFhYWgRjp/FgNq2gO1jId9Yae/rLn3RrBP8=
+go.etcd.io/etcd/client/pkg/v3 v3.6.5/go.mod h1:8Wx3eGRPiy0qOFMZT/hfvdos+DjEaPxdIDiCDUv/FQk=
 go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
-go.etcd.io/etcd/client/v3 v3.6.4 h1:YOMrCfMhRzY8NgtzUsHl8hC2EBSnuqbR3dh84Uryl7A=
-go.etcd.io/etcd/client/v3 v3.6.4/go.mod h1:jaNNHCyg2FdALyKWnd7hxZXZxZANb0+KGY+YQaEMISo=
+go.etcd.io/etcd/client/v3 v3.6.5 h1:yRwZNFBx/35VKHTcLDeO7XVLbCBFbPi+XV4OC3QJf2U=
+go.etcd.io/etcd/client/v3 v3.6.5/go.mod h1:ZqwG/7TAFZ0BJ0jXRPoJjKQJtbFo/9NIY8uoFFKcCyo=
 go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk=
 go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -1991,20 +1991,20 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4=
-k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk=
-k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g=
-k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0=
-k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE=
-k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw=
-k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A=
-k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM=
+k8s.io/api v0.35.2 h1:tW7mWc2RpxW7HS4CoRXhtYHSzme1PN1UjGHJ1bdrtdw=
+k8s.io/api v0.35.2/go.mod h1:7AJfqGoAZcwSFhOjcGM7WV05QxMMgUaChNfLTXDRE60=
+k8s.io/apiextensions-apiserver v0.35.2 h1:iyStXHoJZsUXPh/nFAsjC29rjJWdSgUmG1XpApE29c0=
+k8s.io/apiextensions-apiserver v0.35.2/go.mod h1:OdyGvcO1FtMDWQ+rRh/Ei3b6X3g2+ZDHd0MSRGeS8rU=
+k8s.io/apimachinery v0.35.2 h1:NqsM/mmZA7sHW02JZ9RTtk3wInRgbVxL8MPfzSANAK8=
+k8s.io/apimachinery v0.35.2/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns=
+k8s.io/client-go v0.35.2 h1:YUfPefdGJA4aljDdayAXkc98DnPkIetMl4PrKX97W9o=
+k8s.io/client-go v0.35.2/go.mod h1:4QqEwh4oQpeK8AaefZ0jwTFJw/9kIjdQi0jpKeYvz7g=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaCjDbf07wVh6yaUlTpunnkE=
-k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts=
-k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0=
-k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE=
+k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ=
+k8s.io/utils v0.0.0-20260108192941-914a6e750570 h1:JT4W8lsdrGENg9W+YwwdLJxklIuKWdRm+BC+xt33FOY=
+k8s.io/utils v0.0.0-20260108192941-914a6e750570/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
 knative.dev/networking v0.0.0-20251217020127-11890a5dabea h1:CsVi1M+NbPIfvBPWI9DQOwlzBG6+w+mAfhUDqw1jeXM=
 knative.dev/networking v0.0.0-20251217020127-11890a5dabea/go.mod h1:gPzztUiSYDSB3yHx85xr4j2ZccEdiZDWlLsYHr7fQtg=
 knative.dev/pkg v0.0.0-20251216153728-9c8140b780d1 h1:pSZ4sRKm/Kq1ec+7Yhow6jUH0FKZjzrUHpPsy6Lu8pE=
@@ -2017,16 +2017,18 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/controller-runtime v0.22.1 h1:Ah1T7I+0A7ize291nJZdS1CabF/lB4E++WizgV24Eqg=
-sigs.k8s.io/controller-runtime v0.22.1/go.mod h1:FwiwRjkRPbiN+zp2QRp7wlTCzbUXxZ/D4OzuQUDwBHY=
-sigs.k8s.io/gateway-api v1.4.0 h1:ZwlNM6zOHq0h3WUX2gfByPs2yAEsy/EenYJB78jpQfQ=
-sigs.k8s.io/gateway-api v1.4.0/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk=
+sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80=
+sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0=
+sigs.k8s.io/gateway-api v1.5.1 h1:RqVRIlkhLhUO8wOHKTLnTJA6o/1un4po4/6M1nRzdd0=
+sigs.k8s.io/gateway-api v1.5.1/go.mod h1:GvCETiaMAlLym5CovLxGjS0NysqFk3+Yuq3/rh6QL2o=
+sigs.k8s.io/gateway-api/conformance v1.5.1 h1:5eruSMKcwKnkX42PFek8oO6BgPNBD5FbWbTcRV76KIw=
+sigs.k8s.io/gateway-api/conformance v1.5.1/go.mod h1:mcvYR0Zll1i5hmcKn+jNbWdZTBls6s5GU+FPUFIceXw=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
 sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=

integration/fixtures/gateway-api-conformance/02-traefik.yml

@@ -49,6 +49,8 @@ spec:
             - --entrypoints.web.address=:80
             - --entrypoints.websecure.address=:443
             - --entrypoints.web8080.address=:8080
+            - --entrypoints.tls8443.address=:8443
+            - --entrypoints.tls8883.address=:8883
             - --entrypoints.traefik.address=:9000
             - --providers.kubernetesgateway.experimentalChannel
             - --providers.kubernetesgateway.statusaddress.service.namespace=traefik
@@ -60,6 +62,10 @@ spec:
               containerPort: 443
             - name: web8080
               containerPort: 8080
+            - name: tls8443
+              containerPort: 8443
+            - name: tls8883
+              containerPort: 8883
             - name: traefik
               containerPort: 9000
 
@@ -83,6 +89,12 @@ spec:
     - port: 8080
       name: web8080
       targetPort: web8080
+    - port: 8443
+      name: tls8443
+      targetPort: tls8443
+    - port: 8883
+      name: tls8883
+      targetPort: tls8883
     - port: 9000
       name: traefik
       targetPort: traefik

integration/gateway-api-conformance-reports/v1.5.1/experimental-v3.7-default-report.yaml

@@ -1,7 +1,7 @@
 apiVersion: gateway.networking.k8s.io/v1
 date: '-'
 gatewayAPIChannel: experimental
-gatewayAPIVersion: v1.4.0
+gatewayAPIVersion: v1.5.1
 implementation:
   contact:
   - '@traefik/maintainers'
@@ -30,9 +30,10 @@ profiles:
     result: success
     statistics:
       Failed: 0
-      Passed: 15
+      Passed: 20
       Skipped: 0
     supportedFeatures:
+    - BackendTLSPolicy
     - GatewayPort8080
     - HTTPRouteBackendProtocolH2C
     - HTTPRouteBackendProtocolWebSocket
@@ -47,10 +48,18 @@ profiles:
     - HTTPRouteResponseHeaderModification
     - HTTPRouteSchemeRedirect
     unsupportedFeatures:
+    - BackendTLSPolicySANValidation
     - GatewayAddressEmpty
+    - GatewayBackendClientCertificate
+    - GatewayFrontendClientCertificateValidation
+    - GatewayFrontendClientCertificateValidationInsecureFallback
     - GatewayHTTPListenerIsolation
+    - GatewayHTTPSListenerDetectMisdirectedRequests
     - GatewayInfrastructurePropagation
     - GatewayStaticAddresses
+    - HTTPRoute303RedirectStatusCode
+    - HTTPRoute307RedirectStatusCode
+    - HTTPRoute308RedirectStatusCode
     - HTTPRouteBackendTimeout
     - HTTPRouteCORS
     - HTTPRouteNamedRouteRule
@@ -59,13 +68,37 @@ profiles:
     - HTTPRouteRequestMultipleMirrors
     - HTTPRouteRequestPercentageMirror
     - HTTPRouteRequestTimeout
+    - ListenerSet
   name: GATEWAY-HTTP
   summary: Core tests succeeded. Extended tests succeeded.
 - core:
     result: success
     statistics:
       Failed: 0
-      Passed: 11
+      Passed: 18
       Skipped: 0
+  extended:
+    result: success
+    statistics:
+      Failed: 0
+      Passed: 4
+      Skipped: 0
+    supportedFeatures:
+    - GatewayPort8080
+    - TLSRouteModeMixed
+    - TLSRouteModeTerminate
+    unsupportedFeatures:
+    - GatewayAddressEmpty
+    - GatewayBackendClientCertificate
+    - GatewayFrontendClientCertificateValidation
+    - GatewayFrontendClientCertificateValidationInsecureFallback
+    - GatewayHTTPListenerIsolation
+    - GatewayHTTPSListenerDetectMisdirectedRequests
+    - GatewayInfrastructurePropagation
+    - GatewayStaticAddresses
+    - ListenerSet
   name: GATEWAY-TLS
-  summary: Core tests succeeded.
+  summary: Core tests succeeded. Extended tests succeeded.
+succeededProvisionalTests:
+- TLSRouteMixedTerminationSameNamespace
+- TLSRouteTerminateSimpleSameNamespace

integration/gateway_api_conformance_test.go

@@ -80,7 +80,7 @@ func (s *GatewayAPIConformanceSuite) SetupSuite() {
 
 	s.k3sContainer, err = k3s.Run(ctx,
 		k3sImage,
-		k3s.WithManifest("./fixtures/gateway-api-conformance/00-experimental-v1.4.0.yml"),
+		k3s.WithManifest("./fixtures/gateway-api-conformance/00-experimental-v1.5.1.yml"),
 		k3s.WithManifest("./fixtures/gateway-api-conformance/01-rbac.yml"),
 		k3s.WithManifest("./fixtures/gateway-api-conformance/02-traefik.yml"),
 		network.WithNetwork(nil, s.network),

integration/testdata/rawdata-gateway.json

@@ -5,7 +5,7 @@
 				"traefik"
 			],
 			"service": "api@internal",
-			"rule": "PathPrefix(\"/api\")",
+			"rule": "PathPrefix(`/api`)",
 			"ruleSyntax": "default",
 			"priority": 9223372036854775806,
 			"observability": {
@@ -28,7 +28,7 @@
 				"dashboard_stripprefix@internal"
 			],
 			"service": "dashboard@internal",
-			"rule": "PathPrefix(\"/\")",
+			"rule": "PathPrefix(`/`)",
 			"ruleSyntax": "default",
 			"priority": 9223372036854775805,
 			"observability": {
@@ -127,7 +127,7 @@
 						"url": "http://10.42.0.4:80"
 					},
 					{
-						"url": "http://10.42.0.6:80"
+						"url": "http://10.42.0.8:80"
 					}
 				],
 				"strategy": "wrr",
@@ -139,7 +139,7 @@
 			"status": "enabled",
 			"serverStatus": {
 				"http://10.42.0.4:80": "UP",
-				"http://10.42.0.6:80": "UP"
+				"http://10.42.0.8:80": "UP"
 			}
 		},
 		"httproute-default-http-app-1-gw-default-my-gateway-ep-web-0-af329269dd38031b03e3-wrr@kubernetesgateway": {
@@ -175,6 +175,29 @@
 		}
 	},
 	"tcpRouters": {
+		"deny-unknown-host@kubernetesgateway": {
+			"entryPoints": [
+				"footcp",
+				"footlspassthrough",
+				"footlsterminate",
+				"web",
+				"websecure"
+			],
+			"service": "deny-unknown-host",
+			"rule": "HostSNI(`*`) \u0026\u0026 !ALPN(`h2`) \u0026\u0026 !ALPN(`http/1.1`)",
+			"priority": 1,
+			"tls": {
+				"passthrough": false
+			},
+			"status": "enabled",
+			"using": [
+				"footcp",
+				"footlspassthrough",
+				"footlsterminate",
+				"web",
+				"websecure"
+			]
+		},
 		"tcproute-default-tcp-app-1-gw-default-my-tcp-gateway-ep-footcp-0-e3b0c44298fc1c149afb@kubernetesgateway": {
 			"entryPoints": [
 				"footcp"
@@ -188,22 +211,6 @@
 				"footcp"
 			]
 		},
-		"tcproute-default-tcp-app-1-gw-default-my-tls-gateway-ep-footlsterminate-0-e3b0c44298fc1c149afb@kubernetesgateway": {
-			"entryPoints": [
-				"footlsterminate"
-			],
-			"service": "tcproute-default-tcp-app-1-gw-default-my-tls-gateway-ep-footlsterminate-0-e3b0c44298fc1c149afb-wrr",
-			"rule": "HostSNI(\"*\")",
-			"ruleSyntax": "default",
-			"priority": -1,
-			"tls": {
-				"passthrough": false
-			},
-			"status": "enabled",
-			"using": [
-				"footlsterminate"
-			]
-		},
 		"tlsroute-default-tls-app-1-gw-default-my-tls-gateway-ep-footlspassthrough-0-e3b0c44298fc1c149afb@kubernetesgateway": {
 			"entryPoints": [
 				"footlspassthrough"
@@ -226,19 +233,26 @@
 			"loadBalancer": {
 				"servers": [
 					{
-						"address": "10.42.0.2:8080"
+						"address": "10.42.0.6:8080"
 					},
 					{
-						"address": "10.42.0.3:8080"
+						"address": "10.42.0.9:8080"
 					}
 				]
 			},
 			"status": "enabled",
 			"serverStatus": {
-				"10.42.0.2:8080": "UP",
-				"10.42.0.6:8080": "UP"
+				"10.42.0.6:8080": "UP",
+				"10.42.0.9:8080": "UP"
 			}
 		},
+		"deny-unknown-host@kubernetesgateway": {
+			"loadBalancer": {},
+			"status": "enabled",
+			"usedBy": [
+				"deny-unknown-host@kubernetesgateway"
+			]
+		},
 		"tcproute-default-tcp-app-1-gw-default-my-tcp-gateway-ep-footcp-0-e3b0c44298fc1c149afb-wrr@kubernetesgateway": {
 			"weighted": {
 				"services": [
@@ -253,20 +267,6 @@
 				"tcproute-default-tcp-app-1-gw-default-my-tcp-gateway-ep-footcp-0-e3b0c44298fc1c149afb@kubernetesgateway"
 			]
 		},
-		"tcproute-default-tcp-app-1-gw-default-my-tls-gateway-ep-footlsterminate-0-e3b0c44298fc1c149afb-wrr@kubernetesgateway": {
-			"weighted": {
-				"services": [
-					{
-						"name": "default-whoamitcp-8080",
-						"weight": 1
-					}
-				]
-			},
-			"status": "enabled",
-			"usedBy": [
-				"tcproute-default-tcp-app-1-gw-default-my-tls-gateway-ep-footlsterminate-0-e3b0c44298fc1c149afb@kubernetesgateway"
-			]
-		},
 		"tlsroute-default-tls-app-1-gw-default-my-tls-gateway-ep-footlspassthrough-0-e3b0c44298fc1c149afb-wrr@kubernetesgateway": {
 			"weighted": {
 				"services": [

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/basicauth.go

@@ -28,11 +28,22 @@ package v1alpha1
 
 // BasicAuthApplyConfiguration represents a declarative configuration of the BasicAuth type for use
 // with apply.
+//
+// BasicAuth holds the basic auth middleware configuration.
+// This middleware restricts access to your services to known users.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/basicauth/
 type BasicAuthApplyConfiguration struct {
-	Secret       *string `json:"secret,omitempty"`
-	Realm        *string `json:"realm,omitempty"`
-	RemoveHeader *bool   `json:"removeHeader,omitempty"`
-	HeaderField  *string `json:"headerField,omitempty"`
+	// Secret is the name of the referenced Kubernetes Secret containing user credentials.
+	Secret *string `json:"secret,omitempty"`
+	// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+	// Default: traefik.
+	Realm *string `json:"realm,omitempty"`
+	// RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
+	// Default: false.
+	RemoveHeader *bool `json:"removeHeader,omitempty"`
+	// HeaderField defines a header field to store the authenticated user.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/basicauth/#headerfield
+	HeaderField *string `json:"headerField,omitempty"`
 }
 
 // BasicAuthApplyConfiguration constructs a declarative configuration of the BasicAuth type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/buffering.go

@@ -28,12 +28,29 @@ package v1alpha1
 
 // BufferingApplyConfiguration represents a declarative configuration of the Buffering type for use
 // with apply.
+//
+// Buffering holds the buffering middleware configuration.
+// This middleware retries or limits the size of requests that can be forwarded to backends.
+// More info: https://doc.traefik.io/traefik/v3.7/middlewares/http/buffering/#maxrequestbodybytes
 type BufferingApplyConfiguration struct {
-	MaxRequestBodyBytes  *int64  `json:"maxRequestBodyBytes,omitempty"`
-	MemRequestBodyBytes  *int64  `json:"memRequestBodyBytes,omitempty"`
-	MaxResponseBodyBytes *int64  `json:"maxResponseBodyBytes,omitempty"`
-	MemResponseBodyBytes *int64  `json:"memResponseBodyBytes,omitempty"`
-	RetryExpression      *string `json:"retryExpression,omitempty"`
+	// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
+	// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
+	// Default: 0 (no maximum).
+	MaxRequestBodyBytes *int64 `json:"maxRequestBodyBytes,omitempty"`
+	// MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
+	// Default: 1048576 (1Mi).
+	MemRequestBodyBytes *int64 `json:"memRequestBodyBytes,omitempty"`
+	// MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
+	// If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
+	// Default: 0 (no maximum).
+	MaxResponseBodyBytes *int64 `json:"maxResponseBodyBytes,omitempty"`
+	// MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
+	// Default: 1048576 (1Mi).
+	MemResponseBodyBytes *int64 `json:"memResponseBodyBytes,omitempty"`
+	// RetryExpression defines the retry conditions.
+	// It is a logical combination of functions with operators AND (&&) and OR (||).
+	// More info: https://doc.traefik.io/traefik/v3.7/middlewares/http/buffering/#retryexpression
+	RetryExpression *string `json:"retryExpression,omitempty"`
 }
 
 // BufferingApplyConfiguration constructs a declarative configuration of the Buffering type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/certificate.go

@@ -28,7 +28,10 @@ package v1alpha1
 
 // CertificateApplyConfiguration represents a declarative configuration of the Certificate type for use
 // with apply.
+//
+// Certificate holds a secret name for the TLSStore resource.
 type CertificateApplyConfiguration struct {
+	// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
 	SecretName *string `json:"secretName,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/chain.go

@@ -28,7 +28,12 @@ package v1alpha1
 
 // ChainApplyConfiguration represents a declarative configuration of the Chain type for use
 // with apply.
+//
+// Chain holds the configuration of the chain middleware.
+// This middleware enables to define reusable combinations of other pieces of middleware.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/chain/
 type ChainApplyConfiguration struct {
+	// Middlewares is the list of MiddlewareRef which composes the chain.
 	Middlewares []MiddlewareRefApplyConfiguration `json:"middlewares,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/circuitbreaker.go

@@ -32,12 +32,19 @@ import (
 
 // CircuitBreakerApplyConfiguration represents a declarative configuration of the CircuitBreaker type for use
 // with apply.
+//
+// CircuitBreaker holds the circuit breaker configuration.
 type CircuitBreakerApplyConfiguration struct {
-	Expression       *string             `json:"expression,omitempty"`
-	CheckPeriod      *intstr.IntOrString `json:"checkPeriod,omitempty"`
+	// Expression is the condition that triggers the tripped state.
+	Expression *string `json:"expression,omitempty"`
+	// CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state).
+	CheckPeriod *intstr.IntOrString `json:"checkPeriod,omitempty"`
+	// FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state).
 	FallbackDuration *intstr.IntOrString `json:"fallbackDuration,omitempty"`
+	// RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state).
 	RecoveryDuration *intstr.IntOrString `json:"recoveryDuration,omitempty"`
-	ResponseCode     *int                `json:"responseCode,omitempty"`
+	// ResponseCode is the status code that the circuit breaker will return while it is in the open state.
+	ResponseCode *int `json:"responseCode,omitempty"`
 }
 
 // CircuitBreakerApplyConfiguration constructs a declarative configuration of the CircuitBreaker type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/clientauth.go

@@ -28,9 +28,13 @@ package v1alpha1
 
 // ClientAuthApplyConfiguration represents a declarative configuration of the ClientAuth type for use
 // with apply.
+//
+// ClientAuth holds the TLS client authentication configuration.
 type ClientAuthApplyConfiguration struct {
-	SecretNames    []string `json:"secretNames,omitempty"`
-	ClientAuthType *string  `json:"clientAuthType,omitempty"`
+	// SecretNames defines the names of the referenced Kubernetes Secret storing certificate details.
+	SecretNames []string `json:"secretNames,omitempty"`
+	// ClientAuthType defines the client authentication type to apply.
+	ClientAuthType *string `json:"clientAuthType,omitempty"`
 }
 
 // ClientAuthApplyConfiguration constructs a declarative configuration of the ClientAuth type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/clienttls.go

@@ -28,10 +28,17 @@ package v1alpha1
 
 // ClientTLSApplyConfiguration represents a declarative configuration of the ClientTLS type for use
 // with apply.
+//
+// ClientTLS holds the client TLS configuration.
 type ClientTLSApplyConfiguration struct {
-	CASecret           *string `json:"caSecret,omitempty"`
-	CertSecret         *string `json:"certSecret,omitempty"`
-	InsecureSkipVerify *bool   `json:"insecureSkipVerify,omitempty"`
+	// CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate.
+	// The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+	CASecret *string `json:"caSecret,omitempty"`
+	// CertSecret is the name of the referenced Kubernetes Secret containing the client certificate.
+	// The client certificate is extracted from the keys `tls.crt` and `tls.key`.
+	CertSecret *string `json:"certSecret,omitempty"`
+	// InsecureSkipVerify defines whether the server certificates should be validated.
+	InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
 }
 
 // ClientTLSApplyConfiguration constructs a declarative configuration of the ClientTLS type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/clienttlswithcaoptional.go

@@ -28,9 +28,13 @@ package v1alpha1
 
 // ClientTLSWithCAOptionalApplyConfiguration represents a declarative configuration of the ClientTLSWithCAOptional type for use
 // with apply.
+//
+// ClientTLSWithCAOptional holds the client TLS configuration.
+// TODO: This has to be removed once the CAOptional option is removed.
 type ClientTLSWithCAOptionalApplyConfiguration struct {
 	ClientTLSApplyConfiguration `json:",inline"`
-	CAOptional                  *bool `json:"caOptional,omitempty"`
+	// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
+	CAOptional *bool `json:"caOptional,omitempty"`
 }
 
 // ClientTLSWithCAOptionalApplyConfiguration constructs a declarative configuration of the ClientTLSWithCAOptional type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/compress.go

@@ -28,12 +28,23 @@ package v1alpha1
 
 // CompressApplyConfiguration represents a declarative configuration of the Compress type for use
 // with apply.
+//
+// Compress holds the compress middleware configuration.
+// This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/compress/
 type CompressApplyConfiguration struct {
+	// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
+	// `application/grpc` is always excluded.
 	ExcludedContentTypes []string `json:"excludedContentTypes,omitempty"`
+	// IncludedContentTypes defines the list of content types to compare the Content-Type header of the responses before compressing.
 	IncludedContentTypes []string `json:"includedContentTypes,omitempty"`
-	MinResponseBodyBytes *int     `json:"minResponseBodyBytes,omitempty"`
-	Encodings            []string `json:"encodings,omitempty"`
-	DefaultEncoding      *string  `json:"defaultEncoding,omitempty"`
+	// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
+	// Default: 1024.
+	MinResponseBodyBytes *int `json:"minResponseBodyBytes,omitempty"`
+	// Encodings defines the list of supported compression algorithms.
+	Encodings []string `json:"encodings,omitempty"`
+	// DefaultEncoding specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`).
+	DefaultEncoding *string `json:"defaultEncoding,omitempty"`
 }
 
 // CompressApplyConfiguration constructs a declarative configuration of the Compress type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/digestauth.go

@@ -28,11 +28,21 @@ package v1alpha1
 
 // DigestAuthApplyConfiguration represents a declarative configuration of the DigestAuth type for use
 // with apply.
+//
+// DigestAuth holds the digest auth middleware configuration.
+// This middleware restricts access to your services to known users.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/digestauth/
 type DigestAuthApplyConfiguration struct {
-	Secret       *string `json:"secret,omitempty"`
-	RemoveHeader *bool   `json:"removeHeader,omitempty"`
-	Realm        *string `json:"realm,omitempty"`
-	HeaderField  *string `json:"headerField,omitempty"`
+	// Secret is the name of the referenced Kubernetes Secret containing user credentials.
+	Secret *string `json:"secret,omitempty"`
+	// RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend.
+	RemoveHeader *bool `json:"removeHeader,omitempty"`
+	// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
+	// Default: traefik.
+	Realm *string `json:"realm,omitempty"`
+	// HeaderField defines a header field to store the authenticated user.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/digestauth/#headerfield
+	HeaderField *string `json:"headerField,omitempty"`
 }
 
 // DigestAuthApplyConfiguration constructs a declarative configuration of the DigestAuth type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/errorpage.go

@@ -28,11 +28,28 @@ package v1alpha1
 
 // ErrorPageApplyConfiguration represents a declarative configuration of the ErrorPage type for use
 // with apply.
+//
+// ErrorPage holds the custom error middleware configuration.
+// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/errorpages/
 type ErrorPageApplyConfiguration struct {
-	Status         []string                   `json:"status,omitempty"`
-	StatusRewrites map[string]int             `json:"statusRewrites,omitempty"`
-	Service        *ServiceApplyConfiguration `json:"service,omitempty"`
-	Query          *string                    `json:"query,omitempty"`
+	// Status defines which status or range of statuses should result in an error page.
+	// It can be either a status code as a number (500),
+	// as multiple comma-separated numbers (500,502),
+	// as ranges by separating two codes with a dash (500-599),
+	// or a combination of the two (404,418,500-599).
+	Status []string `json:"status,omitempty"`
+	// StatusRewrites defines a mapping of status codes that should be returned instead of the original error status codes.
+	// For example: "418": 404 or "410-418": 404
+	StatusRewrites map[string]int `json:"statusRewrites,omitempty"`
+	// Service defines the reference to a Kubernetes Service that will serve the error page.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/errorpages/#service
+	Service *ServiceApplyConfiguration `json:"service,omitempty"`
+	// Query defines the URL for the error page (hosted by service).
+	// The {status} variable can be used in order to insert the status code in the URL.
+	// The {originalStatus} variable can be used in order to insert the upstream status code in the URL.
+	// The {url} variable can be used in order to insert the escaped request URL.
+	Query *string `json:"query,omitempty"`
 }
 
 // ErrorPageApplyConfiguration constructs a declarative configuration of the ErrorPage type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/failover.go

@@ -28,10 +28,15 @@ package v1alpha1
 
 // FailoverApplyConfiguration represents a declarative configuration of the Failover type for use
 // with apply.
+//
+// Failover holds the Failover configuration.
 type FailoverApplyConfiguration struct {
-	Service  *LoadBalancerSpecApplyConfiguration `json:"service,omitempty"`
+	// Service defines the main service to use.
+	Service *LoadBalancerSpecApplyConfiguration `json:"service,omitempty"`
+	// Fallback defines the fallback service to use when the main service returns an error.
 	Fallback *LoadBalancerSpecApplyConfiguration `json:"fallback,omitempty"`
-	Errors   *FailoverErrorApplyConfiguration    `json:"errors,omitempty"`
+	// Errors defines which errors should trigger the use of the fallback service.
+	Errors *FailoverErrorApplyConfiguration `json:"errors,omitempty"`
 }
 
 // FailoverApplyConfiguration constructs a declarative configuration of the Failover type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/failovererror.go

@@ -28,9 +28,14 @@ package v1alpha1
 
 // FailoverErrorApplyConfiguration represents a declarative configuration of the FailoverError type for use
 // with apply.
+//
+// FailoverError holds errors configuration for a Failover service.
 type FailoverErrorApplyConfiguration struct {
-	Status              []string `json:"status,omitempty"`
-	MaxRequestBodyBytes *int64   `json:"maxRequestBodyBytes,omitempty"`
+	// Status defines the list of status code ranges for which the fallback service should be used.
+	Status []string `json:"status,omitempty"`
+	// MaxRequestBodyBytes defines the maximum size allowed for the body of the request.
+	// Default value is -1, which means unlimited size.
+	MaxRequestBodyBytes *int64 `json:"maxRequestBodyBytes,omitempty"`
 }
 
 // FailoverErrorApplyConfiguration constructs a declarative configuration of the FailoverError type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/forwardauth.go

@@ -28,21 +28,42 @@ package v1alpha1
 
 // ForwardAuthApplyConfiguration represents a declarative configuration of the ForwardAuth type for use
 // with apply.
+//
+// ForwardAuth holds the forward auth middleware configuration.
+// This middleware delegates the request authentication to a Service.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/forwardauth/
 type ForwardAuthApplyConfiguration struct {
-	Address                  *string                                    `json:"address,omitempty"`
-	TrustForwardHeader       *bool                                      `json:"trustForwardHeader,omitempty"`
-	AuthResponseHeaders      []string                                   `json:"authResponseHeaders,omitempty"`
-	AuthResponseHeadersRegex *string                                    `json:"authResponseHeadersRegex,omitempty"`
-	AuthRequestHeaders       []string                                   `json:"authRequestHeaders,omitempty"`
-	TLS                      *ClientTLSWithCAOptionalApplyConfiguration `json:"tls,omitempty"`
-	MaxResponseBodySize      *int64                                     `json:"maxResponseBodySize,omitempty"`
-	AddAuthCookiesToResponse []string                                   `json:"addAuthCookiesToResponse,omitempty"`
-	HeaderField              *string                                    `json:"headerField,omitempty"`
-	ForwardBody              *bool                                      `json:"forwardBody,omitempty"`
-	MaxBodySize              *int64                                     `json:"maxBodySize,omitempty"`
-	PreserveLocationHeader   *bool                                      `json:"preserveLocationHeader,omitempty"`
-	PreserveRequestMethod    *bool                                      `json:"preserveRequestMethod,omitempty"`
-	AuthSigninURL            *string                                    `json:"authSigninURL,omitempty"`
+	// Address defines the authentication server address.
+	Address *string `json:"address,omitempty"`
+	// TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.
+	TrustForwardHeader *bool `json:"trustForwardHeader,omitempty"`
+	// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
+	AuthResponseHeaders []string `json:"authResponseHeaders,omitempty"`
+	// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
+	AuthResponseHeadersRegex *string `json:"authResponseHeadersRegex,omitempty"`
+	// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
+	// If not set or empty then all request headers are passed.
+	AuthRequestHeaders []string `json:"authRequestHeaders,omitempty"`
+	// TLS defines the configuration used to secure the connection to the authentication server.
+	TLS *ClientTLSWithCAOptionalApplyConfiguration `json:"tls,omitempty"`
+	// MaxResponseBodySize defines the maximum body size in bytes allowed in the response from the authentication server.
+	MaxResponseBodySize *int64 `json:"maxResponseBodySize,omitempty"`
+	// AddAuthCookiesToResponse defines the list of cookies to copy from the authentication server response to the response.
+	AddAuthCookiesToResponse []string `json:"addAuthCookiesToResponse,omitempty"`
+	// HeaderField defines a header field to store the authenticated user.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
+	HeaderField *string `json:"headerField,omitempty"`
+	// ForwardBody defines whether to send the request body to the authentication server.
+	ForwardBody *bool `json:"forwardBody,omitempty"`
+	// MaxBodySize defines the maximum body size in bytes allowed to be forwarded to the authentication server.
+	MaxBodySize *int64 `json:"maxBodySize,omitempty"`
+	// PreserveLocationHeader defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server.
+	PreserveLocationHeader *bool `json:"preserveLocationHeader,omitempty"`
+	// PreserveRequestMethod defines whether to preserve the original request method while forwarding the request to the authentication server.
+	PreserveRequestMethod *bool `json:"preserveRequestMethod,omitempty"`
+	// AuthSigninURL specifies the URL to redirect to when the authentication server returns 401 Unauthorized.
+	AuthSigninURL *string `json:"authSigninURL,omitempty"`
 }
 
 // ForwardAuthApplyConfiguration constructs a declarative configuration of the ForwardAuth type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/forwardingtimeouts.go

@@ -32,12 +32,19 @@ import (
 
 // ForwardingTimeoutsApplyConfiguration represents a declarative configuration of the ForwardingTimeouts type for use
 // with apply.
+//
+// ForwardingTimeouts holds the timeout configurations for forwarding requests to the backend servers.
 type ForwardingTimeoutsApplyConfiguration struct {
-	DialTimeout           *intstr.IntOrString `json:"dialTimeout,omitempty"`
+	// DialTimeout is the amount of time to wait until a connection to a backend server can be established.
+	DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"`
+	// ResponseHeaderTimeout is the amount of time to wait for a server's response headers after fully writing the request (including its body, if any).
 	ResponseHeaderTimeout *intstr.IntOrString `json:"responseHeaderTimeout,omitempty"`
-	IdleConnTimeout       *intstr.IntOrString `json:"idleConnTimeout,omitempty"`
-	ReadIdleTimeout       *intstr.IntOrString `json:"readIdleTimeout,omitempty"`
-	PingTimeout           *intstr.IntOrString `json:"pingTimeout,omitempty"`
+	// IdleConnTimeout is the maximum period for which an idle HTTP keep-alive connection will remain open before closing itself.
+	IdleConnTimeout *intstr.IntOrString `json:"idleConnTimeout,omitempty"`
+	// ReadIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection.
+	ReadIdleTimeout *intstr.IntOrString `json:"readIdleTimeout,omitempty"`
+	// PingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received.
+	PingTimeout *intstr.IntOrString `json:"pingTimeout,omitempty"`
 }
 
 // ForwardingTimeoutsApplyConfiguration constructs a declarative configuration of the ForwardingTimeouts type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/highestrandomweight.go

@@ -28,7 +28,11 @@ package v1alpha1
 
 // HighestRandomWeightApplyConfiguration represents a declarative configuration of the HighestRandomWeight type for use
 // with apply.
+//
+// HighestRandomWeight holds the highest random weight configuration.
+// More info: https://doc.traefik.io/traefik/v3.7/routing/services/#highest-random-configuration
 type HighestRandomWeightApplyConfiguration struct {
+	// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
 	Services []ServiceApplyConfiguration `json:"services,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/ingressroute.go

@@ -34,8 +34,12 @@ import (
 
 // IngressRouteApplyConfiguration represents a declarative configuration of the IngressRoute type for use
 // with apply.
+//
+// IngressRoute is the CRD implementation of a Traefik HTTP Router.
 type IngressRouteApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *IngressRouteSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +54,7 @@ func IngressRoute(name, namespace string) *IngressRouteApplyConfiguration {
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b IngressRouteApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/ingressrouteref.go

@@ -28,8 +28,12 @@ package v1alpha1
 
 // IngressRouteRefApplyConfiguration represents a declarative configuration of the IngressRouteRef type for use
 // with apply.
+//
+// IngressRouteRef is a reference to an IngressRoute resource.
 type IngressRouteRefApplyConfiguration struct {
-	Name      *string `json:"name,omitempty"`
+	// Name defines the name of the referenced IngressRoute resource.
+	Name *string `json:"name,omitempty"`
+	// Namespace defines the namespace of the referenced IngressRoute resource.
 	Namespace *string `json:"namespace,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/ingressroutespec.go

@@ -28,12 +28,25 @@ package v1alpha1
 
 // IngressRouteSpecApplyConfiguration represents a declarative configuration of the IngressRouteSpec type for use
 // with apply.
+//
+// IngressRouteSpec defines the desired state of IngressRoute.
 type IngressRouteSpecApplyConfiguration struct {
-	IngressClassName *string                             `json:"ingressClassName,omitempty"`
-	EntryPoints      []string                            `json:"entryPoints,omitempty"`
-	Routes           []RouteApplyConfiguration           `json:"routes,omitempty"`
-	TLS              *TLSApplyConfiguration              `json:"tls,omitempty"`
-	ParentRefs       []IngressRouteRefApplyConfiguration `json:"parentRefs,omitempty"`
+	// IngressClassName defines the name of the IngressClass cluster resource.
+	IngressClassName *string `json:"ingressClassName,omitempty"`
+	// EntryPoints defines the list of entry point names to bind to.
+	// Entry points have to be configured in the static configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/install-configuration/entrypoints/
+	// Default: all.
+	EntryPoints []string `json:"entryPoints,omitempty"`
+	// Routes defines the list of routes.
+	Routes []RouteApplyConfiguration `json:"routes,omitempty"`
+	// TLS defines the TLS configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/routing/router/#tls
+	TLS *TLSApplyConfiguration `json:"tls,omitempty"`
+	// ParentRefs defines references to parent IngressRoute resources for multi-layer routing.
+	// When set, this IngressRoute's routers will be children of the referenced parent IngressRoute's routers.
+	// More info: https://doc.traefik.io/traefik/v3.7/routing/routers/#parentrefs
+	ParentRefs []IngressRouteRefApplyConfiguration `json:"parentRefs,omitempty"`
 }
 
 // IngressRouteSpecApplyConfiguration constructs a declarative configuration of the IngressRouteSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/ingressroutetcp.go

@@ -34,8 +34,12 @@ import (
 
 // IngressRouteTCPApplyConfiguration represents a declarative configuration of the IngressRouteTCP type for use
 // with apply.
+//
+// IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
 type IngressRouteTCPApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *IngressRouteTCPSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +54,7 @@ func IngressRouteTCP(name, namespace string) *IngressRouteTCPApplyConfiguration
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b IngressRouteTCPApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/ingressroutetcpspec.go

@@ -28,11 +28,21 @@ package v1alpha1
 
 // IngressRouteTCPSpecApplyConfiguration represents a declarative configuration of the IngressRouteTCPSpec type for use
 // with apply.
+//
+// IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
 type IngressRouteTCPSpecApplyConfiguration struct {
-	IngressClassName *string                      `json:"ingressClassName,omitempty"`
-	EntryPoints      []string                     `json:"entryPoints,omitempty"`
-	Routes           []RouteTCPApplyConfiguration `json:"routes,omitempty"`
-	TLS              *TLSTCPApplyConfiguration    `json:"tls,omitempty"`
+	// IngressClassName defines the name of the IngressClass cluster resource.
+	IngressClassName *string `json:"ingressClassName,omitempty"`
+	// EntryPoints defines the list of entry point names to bind to.
+	// Entry points have to be configured in the static configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/install-configuration/entrypoints/
+	// Default: all.
+	EntryPoints []string `json:"entryPoints,omitempty"`
+	// Routes defines the list of routes.
+	Routes []RouteTCPApplyConfiguration `json:"routes,omitempty"`
+	// TLS defines the TLS configuration on a layer 4 / TCP Route.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/routing/router/#tls
+	TLS *TLSTCPApplyConfiguration `json:"tls,omitempty"`
 }
 
 // IngressRouteTCPSpecApplyConfiguration constructs a declarative configuration of the IngressRouteTCPSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/ingressrouteudp.go

@@ -34,8 +34,12 @@ import (
 
 // IngressRouteUDPApplyConfiguration represents a declarative configuration of the IngressRouteUDP type for use
 // with apply.
+//
+// IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
 type IngressRouteUDPApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *IngressRouteUDPSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +54,7 @@ func IngressRouteUDP(name, namespace string) *IngressRouteUDPApplyConfiguration
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b IngressRouteUDPApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/ingressrouteudpspec.go

@@ -28,10 +28,18 @@ package v1alpha1
 
 // IngressRouteUDPSpecApplyConfiguration represents a declarative configuration of the IngressRouteUDPSpec type for use
 // with apply.
+//
+// IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
 type IngressRouteUDPSpecApplyConfiguration struct {
-	IngressClassName *string                      `json:"ingressClassName,omitempty"`
-	EntryPoints      []string                     `json:"entryPoints,omitempty"`
-	Routes           []RouteUDPApplyConfiguration `json:"routes,omitempty"`
+	// IngressClassName defines the name of the IngressClass cluster resource.
+	IngressClassName *string `json:"ingressClassName,omitempty"`
+	// EntryPoints defines the list of entry point names to bind to.
+	// Entry points have to be configured in the static configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/install-configuration/entrypoints/
+	// Default: all.
+	EntryPoints []string `json:"entryPoints,omitempty"`
+	// Routes defines the list of routes.
+	Routes []RouteUDPApplyConfiguration `json:"routes,omitempty"`
 }
 
 // IngressRouteUDPSpecApplyConfiguration constructs a declarative configuration of the IngressRouteUDPSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/loadbalancerspec.go

@@ -33,22 +33,59 @@ import (
 
 // LoadBalancerSpecApplyConfiguration represents a declarative configuration of the LoadBalancerSpec type for use
 // with apply.
+//
+// LoadBalancerSpec defines the desired state of LoadBalancer.
+// It can reference either a Kubernetes Service object (a load-balancer of servers),
+// or a TraefikService object (a load-balancer of Traefik services).
 type LoadBalancerSpecApplyConfiguration struct {
-	Name               *string                                     `json:"name,omitempty"`
-	Kind               *string                                     `json:"kind,omitempty"`
-	Namespace          *string                                     `json:"namespace,omitempty"`
-	Middlewares        []MiddlewareRefApplyConfiguration           `json:"middlewares,omitempty"`
-	Sticky             *dynamic.Sticky                             `json:"sticky,omitempty"`
-	Port               *intstr.IntOrString                         `json:"port,omitempty"`
-	Scheme             *string                                     `json:"scheme,omitempty"`
-	Strategy           *dynamic.BalancerStrategy                   `json:"strategy,omitempty"`
-	PassHostHeader     *bool                                       `json:"passHostHeader,omitempty"`
-	ResponseForwarding *ResponseForwardingApplyConfiguration       `json:"responseForwarding,omitempty"`
-	ServersTransport   *string                                     `json:"serversTransport,omitempty"`
-	Weight             *int                                        `json:"weight,omitempty"`
-	NativeLB           *bool                                       `json:"nativeLB,omitempty"`
-	NodePortLB         *bool                                       `json:"nodePortLB,omitempty"`
-	HealthCheck        *ServerHealthCheckApplyConfiguration        `json:"healthCheck,omitempty"`
+	// Name defines the name of the referenced Kubernetes Service or TraefikService.
+	// The differentiation between the two is specified in the Kind field.
+	Name *string `json:"name,omitempty"`
+	// Kind defines the kind of the Service.
+	Kind *string `json:"kind,omitempty"`
+	// Namespace defines the namespace of the referenced Kubernetes Service or TraefikService.
+	Namespace *string `json:"namespace,omitempty"`
+	// Middlewares defines the list of references to Middleware resources to apply to the service.
+	Middlewares []MiddlewareRefApplyConfiguration `json:"middlewares,omitempty"`
+	// Sticky defines the sticky sessions configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
+	Sticky *dynamic.Sticky `json:"sticky,omitempty"`
+	// Port defines the port of a Kubernetes Service.
+	// This can be a reference to a named port.
+	Port *intstr.IntOrString `json:"port,omitempty"`
+	// Scheme defines the scheme to use for the request to the upstream Kubernetes Service.
+	// It defaults to https when Kubernetes Service port is 443, http otherwise.
+	Scheme *string `json:"scheme,omitempty"`
+	// Strategy defines the load balancing strategy between the servers.
+	// Supported values are: wrr (Weighed round-robin), p2c (Power of two choices), hrw (Highest Random Weight), and leasttime (Least-Time).
+	// RoundRobin value is deprecated and supported for backward compatibility.
+	// TODO: when the deprecated RoundRobin value will be removed, set the default kubebuilder value to wrr.
+	Strategy *dynamic.BalancerStrategy `json:"strategy,omitempty"`
+	// PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service.
+	// By default, passHostHeader is true.
+	PassHostHeader *bool `json:"passHostHeader,omitempty"`
+	// ResponseForwarding defines how Traefik forwards the response from the upstream Kubernetes Service to the client.
+	ResponseForwarding *ResponseForwardingApplyConfiguration `json:"responseForwarding,omitempty"`
+	// ServersTransport defines the name of ServersTransport resource to use.
+	// It allows to configure the transport between Traefik and your servers.
+	// Can only be used on a Kubernetes Service.
+	ServersTransport *string `json:"serversTransport,omitempty"`
+	// Weight defines the weight and should only be specified when Name references a TraefikService object
+	// (and to be precise, one that embeds a Weighted Round Robin).
+	Weight *int `json:"weight,omitempty"`
+	// NativeLB controls, when creating the load-balancer,
+	// whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+	// The Kubernetes Service itself does load-balance to the pods.
+	// By default, NativeLB is false.
+	NativeLB *bool `json:"nativeLB,omitempty"`
+	// NodePortLB controls, when creating the load-balancer,
+	// whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.
+	// It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
+	// By default, NodePortLB is false.
+	NodePortLB *bool `json:"nodePortLB,omitempty"`
+	// Healthcheck defines health checks for ExternalName services.
+	HealthCheck *ServerHealthCheckApplyConfiguration `json:"healthCheck,omitempty"`
+	// PassiveHealthCheck defines passive health checks for ExternalName services.
 	PassiveHealthCheck *PassiveServerHealthCheckApplyConfiguration `json:"passiveHealthCheck,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/middleware.go

@@ -34,8 +34,13 @@ import (
 
 // MiddlewareApplyConfiguration represents a declarative configuration of the Middleware type for use
 // with apply.
+//
+// Middleware is the CRD implementation of a Traefik Middleware.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/overview/
 type MiddlewareApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *MiddlewareSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +55,7 @@ func Middleware(name, namespace string) *MiddlewareApplyConfiguration {
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b MiddlewareApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/middlewareref.go

@@ -28,8 +28,12 @@ package v1alpha1
 
 // MiddlewareRefApplyConfiguration represents a declarative configuration of the MiddlewareRef type for use
 // with apply.
+//
+// MiddlewareRef is a reference to a Middleware resource.
 type MiddlewareRefApplyConfiguration struct {
-	Name      *string `json:"name,omitempty"`
+	// Name defines the name of the referenced Middleware resource.
+	Name *string `json:"name,omitempty"`
+	// Namespace defines the namespace of the referenced Middleware resource.
 	Namespace *string `json:"namespace,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/middlewarespec.go

@@ -33,13 +33,16 @@ import (
 
 // MiddlewareSpecApplyConfiguration represents a declarative configuration of the MiddlewareSpec type for use
 // with apply.
+//
+// MiddlewareSpec defines the desired state of a Middleware.
 type MiddlewareSpecApplyConfiguration struct {
-	AddPrefix         *dynamic.AddPrefix                `json:"addPrefix,omitempty"`
-	StripPrefix       *dynamic.StripPrefix              `json:"stripPrefix,omitempty"`
-	StripPrefixRegex  *dynamic.StripPrefixRegex         `json:"stripPrefixRegex,omitempty"`
-	ReplacePath       *dynamic.ReplacePath              `json:"replacePath,omitempty"`
-	ReplacePathRegex  *dynamic.ReplacePathRegex         `json:"replacePathRegex,omitempty"`
-	Chain             *ChainApplyConfiguration          `json:"chain,omitempty"`
+	AddPrefix        *dynamic.AddPrefix        `json:"addPrefix,omitempty"`
+	StripPrefix      *dynamic.StripPrefix      `json:"stripPrefix,omitempty"`
+	StripPrefixRegex *dynamic.StripPrefixRegex `json:"stripPrefixRegex,omitempty"`
+	ReplacePath      *dynamic.ReplacePath      `json:"replacePath,omitempty"`
+	ReplacePathRegex *dynamic.ReplacePathRegex `json:"replacePathRegex,omitempty"`
+	Chain            *ChainApplyConfiguration  `json:"chain,omitempty"`
+	// Deprecated: please use IPAllowList instead.
 	IPWhiteList       *dynamic.IPWhiteList              `json:"ipWhiteList,omitempty"`
 	IPAllowList       *dynamic.IPAllowList              `json:"ipAllowList,omitempty"`
 	Headers           *dynamic.Headers                  `json:"headers,omitempty"`
@@ -59,7 +62,9 @@ type MiddlewareSpecApplyConfiguration struct {
 	Retry             *RetryApplyConfiguration          `json:"retry,omitempty"`
 	ContentType       *dynamic.ContentType              `json:"contentType,omitempty"`
 	GrpcWeb           *dynamic.GrpcWeb                  `json:"grpcWeb,omitempty"`
-	Plugin            map[string]v1.JSON                `json:"plugin,omitempty"`
+	// Plugin defines the middleware plugin configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/overview/#community-middlewares
+	Plugin map[string]v1.JSON `json:"plugin,omitempty"`
 }
 
 // MiddlewareSpecApplyConfiguration constructs a declarative configuration of the MiddlewareSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/middlewaretcp.go

@@ -34,8 +34,13 @@ import (
 
 // MiddlewareTCPApplyConfiguration represents a declarative configuration of the MiddlewareTCP type for use
 // with apply.
+//
+// MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/middlewares/overview/
 type MiddlewareTCPApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *MiddlewareTCPSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +55,7 @@ func MiddlewareTCP(name, namespace string) *MiddlewareTCPApplyConfiguration {
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b MiddlewareTCPApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/middlewaretcpspec.go

@@ -32,10 +32,21 @@ import (
 
 // MiddlewareTCPSpecApplyConfiguration represents a declarative configuration of the MiddlewareTCPSpec type for use
 // with apply.
+//
+// MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
 type MiddlewareTCPSpecApplyConfiguration struct {
+	// InFlightConn defines the InFlightConn middleware configuration.
 	InFlightConn *dynamic.TCPInFlightConn `json:"inFlightConn,omitempty"`
-	IPWhiteList  *dynamic.TCPIPWhiteList  `json:"ipWhiteList,omitempty"`
-	IPAllowList  *dynamic.TCPIPAllowList  `json:"ipAllowList,omitempty"`
+	// IPWhiteList defines the IPWhiteList middleware configuration.
+	// This middleware accepts/refuses connections based on the client IP.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/middlewares/ipwhitelist/
+	//
+	// Deprecated: please use IPAllowList instead.
+	IPWhiteList *dynamic.TCPIPWhiteList `json:"ipWhiteList,omitempty"`
+	// IPAllowList defines the IPAllowList middleware configuration.
+	// This middleware accepts/refuses connections based on the client IP.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/middlewares/ipallowlist/
+	IPAllowList *dynamic.TCPIPAllowList `json:"ipAllowList,omitempty"`
 }
 
 // MiddlewareTCPSpecApplyConfiguration constructs a declarative configuration of the MiddlewareTCPSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/mirroring.go

@@ -33,11 +33,20 @@ import (
 
 // MirroringApplyConfiguration represents a declarative configuration of the Mirroring type for use
 // with apply.
+//
+// Mirroring holds the mirroring service configuration.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/load-balancing/service/#mirroring
 type MirroringApplyConfiguration struct {
 	LoadBalancerSpecApplyConfiguration `json:",inline"`
-	MirrorBody                         *bool                             `json:"mirrorBody,omitempty"`
-	MaxBodySize                        *int64                            `json:"maxBodySize,omitempty"`
-	Mirrors                            []MirrorServiceApplyConfiguration `json:"mirrors,omitempty"`
+	// MirrorBody defines whether the body of the request should be mirrored.
+	// Default value is true.
+	MirrorBody *bool `json:"mirrorBody,omitempty"`
+	// MaxBodySize defines the maximum size allowed for the body of the request.
+	// If the body is larger, the request is not mirrored.
+	// Default value is -1, which means unlimited size.
+	MaxBodySize *int64 `json:"maxBodySize,omitempty"`
+	// Mirrors defines the list of mirrors where Traefik will duplicate the traffic.
+	Mirrors []MirrorServiceApplyConfiguration `json:"mirrors,omitempty"`
 }
 
 // MirroringApplyConfiguration constructs a declarative configuration of the Mirroring type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/mirrorservice.go

@@ -33,9 +33,13 @@ import (
 
 // MirrorServiceApplyConfiguration represents a declarative configuration of the MirrorService type for use
 // with apply.
+//
+// MirrorService holds the mirror configuration.
 type MirrorServiceApplyConfiguration struct {
 	LoadBalancerSpecApplyConfiguration `json:",inline"`
-	Percent                            *int `json:"percent,omitempty"`
+	// Percent defines the part of the traffic to mirror.
+	// Supported values: 0 to 100.
+	Percent *int `json:"percent,omitempty"`
 }
 
 // MirrorServiceApplyConfiguration constructs a declarative configuration of the MirrorService type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/objectreference.go

@@ -28,8 +28,12 @@ package v1alpha1
 
 // ObjectReferenceApplyConfiguration represents a declarative configuration of the ObjectReference type for use
 // with apply.
+//
+// ObjectReference is a generic reference to a Traefik resource.
 type ObjectReferenceApplyConfiguration struct {
-	Name      *string `json:"name,omitempty"`
+	// Name defines the name of the referenced Traefik resource.
+	Name *string `json:"name,omitempty"`
+	// Namespace defines the namespace of the referenced Traefik resource.
 	Namespace *string `json:"namespace,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/passiveserverhealthcheck.go

@@ -33,8 +33,10 @@ import (
 // PassiveServerHealthCheckApplyConfiguration represents a declarative configuration of the PassiveServerHealthCheck type for use
 // with apply.
 type PassiveServerHealthCheckApplyConfiguration struct {
-	FailureWindow     *intstr.IntOrString `json:"failureWindow,omitempty"`
-	MaxFailedAttempts *int                `json:"maxFailedAttempts,omitempty"`
+	// FailureWindow defines the time window during which the failed attempts must occur for the server to be marked as unhealthy. It also defines for how long the server will be considered unhealthy.
+	FailureWindow *intstr.IntOrString `json:"failureWindow,omitempty"`
+	// MaxFailedAttempts is the number of consecutive failed attempts allowed within the failure window before marking the server as unhealthy.
+	MaxFailedAttempts *int `json:"maxFailedAttempts,omitempty"`
 }
 
 // PassiveServerHealthCheckApplyConfiguration constructs a declarative configuration of the PassiveServerHealthCheck type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/ratelimit.go

@@ -33,12 +33,28 @@ import (
 
 // RateLimitApplyConfiguration represents a declarative configuration of the RateLimit type for use
 // with apply.
+//
+// RateLimit holds the rate limit configuration.
+// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/ratelimit/
 type RateLimitApplyConfiguration struct {
-	Average         *int64                   `json:"average,omitempty"`
-	Period          *intstr.IntOrString      `json:"period,omitempty"`
-	Burst           *int64                   `json:"burst,omitempty"`
+	// Average is the maximum rate, by default in requests/s, allowed for the given source.
+	// It defaults to 0, which means no rate limiting.
+	// The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
+	// one needs to define a Period larger than a second.
+	Average *int64 `json:"average,omitempty"`
+	// Period, in combination with Average, defines the actual maximum rate, such as:
+	// r = Average / Period. It defaults to a second.
+	Period *intstr.IntOrString `json:"period,omitempty"`
+	// Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
+	// It defaults to 1.
+	Burst *int64 `json:"burst,omitempty"`
+	// SourceCriterion defines what criterion is used to group requests as originating from a common source.
+	// If several strategies are defined at the same time, an error will be raised.
+	// If none are set, the default is to use the request's remote address field (as an ipStrategy).
 	SourceCriterion *dynamic.SourceCriterion `json:"sourceCriterion,omitempty"`
-	Redis           *RedisApplyConfiguration `json:"redis,omitempty"`
+	// Redis hold the configs of Redis as bucket in rate limiter.
+	Redis *RedisApplyConfiguration `json:"redis,omitempty"`
 }
 
 // RateLimitApplyConfiguration constructs a declarative configuration of the RateLimit type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/redis.go

@@ -32,17 +32,40 @@ import (
 
 // RedisApplyConfiguration represents a declarative configuration of the Redis type for use
 // with apply.
+//
+// Redis contains the configuration for using Redis in middleware.
+// In a Kubernetes setup, the username and password are stored in a Secret file within the same namespace as the middleware.
 type RedisApplyConfiguration struct {
-	Endpoints      []string                     `json:"endpoints,omitempty"`
-	TLS            *ClientTLSApplyConfiguration `json:"tls,omitempty"`
-	Secret         *string                      `json:"secret,omitempty"`
-	DB             *int                         `json:"db,omitempty"`
-	PoolSize       *int                         `json:"poolSize,omitempty"`
-	MinIdleConns   *int                         `json:"minIdleConns,omitempty"`
-	MaxActiveConns *int                         `json:"maxActiveConns,omitempty"`
-	ReadTimeout    *intstr.IntOrString          `json:"readTimeout,omitempty"`
-	WriteTimeout   *intstr.IntOrString          `json:"writeTimeout,omitempty"`
-	DialTimeout    *intstr.IntOrString          `json:"dialTimeout,omitempty"`
+	// Endpoints contains either a single address or a seed list of host:port addresses.
+	// Default value is ["localhost:6379"].
+	Endpoints []string `json:"endpoints,omitempty"`
+	// TLS defines TLS-specific configurations, including the CA, certificate, and key,
+	// which can be provided as a file path or file content.
+	TLS *ClientTLSApplyConfiguration `json:"tls,omitempty"`
+	// Secret defines the name of the referenced Kubernetes Secret containing Redis credentials.
+	Secret *string `json:"secret,omitempty"`
+	// DB defines the Redis database that will be selected after connecting to the server.
+	DB *int `json:"db,omitempty"`
+	// PoolSize defines the initial number of socket connections.
+	// If the pool runs out of available connections, additional ones will be created beyond PoolSize.
+	// This can be limited using MaxActiveConns.
+	// // Default value is 0, meaning 10 connections per every available CPU as reported by runtime.GOMAXPROCS.
+	PoolSize *int `json:"poolSize,omitempty"`
+	// MinIdleConns defines the minimum number of idle connections.
+	// Default value is 0, and idle connections are not closed by default.
+	MinIdleConns *int `json:"minIdleConns,omitempty"`
+	// MaxActiveConns defines the maximum number of connections allocated by the pool at a given time.
+	// Default value is 0, meaning there is no limit.
+	MaxActiveConns *int `json:"maxActiveConns,omitempty"`
+	// ReadTimeout defines the timeout for socket read operations.
+	// Default value is 3 seconds.
+	ReadTimeout *intstr.IntOrString `json:"readTimeout,omitempty"`
+	// WriteTimeout defines the timeout for socket write operations.
+	// Default value is 3 seconds.
+	WriteTimeout *intstr.IntOrString `json:"writeTimeout,omitempty"`
+	// DialTimeout sets the timeout for establishing new connections.
+	// Default value is 5 seconds.
+	DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"`
 }
 
 // RedisApplyConfiguration constructs a declarative configuration of the Redis type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/responseforwarding.go

@@ -29,6 +29,11 @@ package v1alpha1
 // ResponseForwardingApplyConfiguration represents a declarative configuration of the ResponseForwarding type for use
 // with apply.
 type ResponseForwardingApplyConfiguration struct {
+	// FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
+	// A negative value means to flush immediately after each write to the client.
+	// This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
+	// for such responses, writes are flushed to the client immediately.
+	// Default: 100ms
 	FlushInterval *string `json:"flushInterval,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/retry.go

@@ -32,14 +32,33 @@ import (
 
 // RetryApplyConfiguration represents a declarative configuration of the Retry type for use
 // with apply.
+//
+// Retry holds the retry middleware configuration.
+// This middleware reissues requests a given number of times to a backend server if that server does not reply.
+// As soon as the server answers, the middleware stops retrying, regardless of the response status.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/middlewares/retry/
 type RetryApplyConfiguration struct {
-	Attempts                   *int                `json:"attempts,omitempty"`
-	Timeout                    *intstr.IntOrString `json:"timeout,omitempty"`
-	InitialInterval            *intstr.IntOrString `json:"initialInterval,omitempty"`
-	MaxRequestBodyBytes        *int64              `json:"maxRequestBodyBytes,omitempty"`
-	Status                     []string            `json:"status,omitempty"`
-	DisableRetryOnNetworkError *bool               `json:"disableRetryOnNetworkError,omitempty"`
-	RetryNonIdempotentMethod   *bool               `json:"retryNonIdempotentMethod,omitempty"`
+	// Attempts defines how many times the request should be retried.
+	Attempts *int `json:"attempts,omitempty"`
+	// Timeout defines how much time the middleware is allowed to retry the request.
+	// The value of timeout should be provided in seconds or as a valid duration format,
+	// see https://pkg.go.dev/time#ParseDuration.
+	Timeout *intstr.IntOrString `json:"timeout,omitempty"`
+	// InitialInterval defines the first wait time in the exponential backoff series.
+	// The maximum interval is calculated as twice the initialInterval.
+	// If unspecified, requests will be retried immediately.
+	// The value of initialInterval should be provided in seconds or as a valid duration format,
+	// see https://pkg.go.dev/time#ParseDuration.
+	InitialInterval *intstr.IntOrString `json:"initialInterval,omitempty"`
+	// MaxRequestBodyBytes defines the maximum size for the request body.
+	// Default is `-1`, which means no limit.
+	MaxRequestBodyBytes *int64 `json:"maxRequestBodyBytes,omitempty"`
+	// Status defines the range of HTTP status codes to retry on.
+	Status []string `json:"status,omitempty"`
+	// DisableRetryOnNetworkError defines whether to disable the retry if an error occurs when transmitting the request to the server.
+	DisableRetryOnNetworkError *bool `json:"disableRetryOnNetworkError,omitempty"`
+	// RetryNonIdempotentMethod activates the retry for non-idempotent methods (POST, LOCK, PATCH)
+	RetryNonIdempotentMethod *bool `json:"retryNonIdempotentMethod,omitempty"`
 }
 
 // RetryApplyConfiguration constructs a declarative configuration of the Retry type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/rootca.go

@@ -28,8 +28,15 @@ package v1alpha1
 
 // RootCAApplyConfiguration represents a declarative configuration of the RootCA type for use
 // with apply.
+//
+// RootCA defines a reference to a Secret or a ConfigMap that holds a CA certificate.
+// If both a Secret and a ConfigMap reference are defined, the Secret reference takes precedence.
 type RootCAApplyConfiguration struct {
-	Secret    *string `json:"secret,omitempty"`
+	// Secret defines the name of a Secret that holds a CA certificate.
+	// The referenced Secret must contain a certificate under either a tls.ca or a ca.crt key.
+	Secret *string `json:"secret,omitempty"`
+	// ConfigMap defines the name of a ConfigMap that holds a CA certificate.
+	// The referenced ConfigMap must contain a certificate under either a tls.ca or a ca.crt key.
 	ConfigMap *string `json:"configMap,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/route.go

@@ -32,13 +32,32 @@ import (
 
 // RouteApplyConfiguration represents a declarative configuration of the Route type for use
 // with apply.
+//
+// Route holds the HTTP route configuration.
 type RouteApplyConfiguration struct {
-	Match         *string                            `json:"match,omitempty"`
-	Kind          *string                            `json:"kind,omitempty"`
-	Priority      *int                               `json:"priority,omitempty"`
-	Syntax        *string                            `json:"syntax,omitempty"`
-	Services      []ServiceApplyConfiguration        `json:"services,omitempty"`
-	Middlewares   []MiddlewareRefApplyConfiguration  `json:"middlewares,omitempty"`
+	// Match defines the router's rule.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/routing/rules-and-priority/
+	Match *string `json:"match,omitempty"`
+	// Kind defines the kind of the route.
+	// Rule is the only supported kind.
+	// If not defined, defaults to Rule.
+	Kind *string `json:"kind,omitempty"`
+	// Priority defines the router's priority.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/routing/rules-and-priority/#priority
+	Priority *int `json:"priority,omitempty"`
+	// Syntax defines the router's rule syntax.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
+	//
+	// Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
+	Syntax *string `json:"syntax,omitempty"`
+	// Services defines the list of Service.
+	// It can contain any combination of TraefikService and/or reference to a Kubernetes Service.
+	Services []ServiceApplyConfiguration `json:"services,omitempty"`
+	// Middlewares defines the list of references to Middleware resources.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/kubernetes/crd/http/middleware/
+	Middlewares []MiddlewareRefApplyConfiguration `json:"middlewares,omitempty"`
+	// Observability defines the observability configuration for a router.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/routing/observability/
 	Observability *dynamic.RouterObservabilityConfig `json:"observability,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/routetcp.go

@@ -28,11 +28,23 @@ package v1alpha1
 
 // RouteTCPApplyConfiguration represents a declarative configuration of the RouteTCP type for use
 // with apply.
+//
+// RouteTCP holds the TCP route configuration.
 type RouteTCPApplyConfiguration struct {
-	Match       *string                             `json:"match,omitempty"`
-	Priority    *int                                `json:"priority,omitempty"`
-	Syntax      *string                             `json:"syntax,omitempty"`
-	Services    []ServiceTCPApplyConfiguration      `json:"services,omitempty"`
+	// Match defines the router's rule.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/routing/rules-and-priority/
+	Match *string `json:"match,omitempty"`
+	// Priority defines the router's priority.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
+	Priority *int `json:"priority,omitempty"`
+	// Syntax defines the router's rule syntax.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
+	//
+	// Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
+	Syntax *string `json:"syntax,omitempty"`
+	// Services defines the list of TCP services.
+	Services []ServiceTCPApplyConfiguration `json:"services,omitempty"`
+	// Middlewares defines the list of references to MiddlewareTCP resources.
 	Middlewares []ObjectReferenceApplyConfiguration `json:"middlewares,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/routeudp.go

@@ -28,7 +28,10 @@ package v1alpha1
 
 // RouteUDPApplyConfiguration represents a declarative configuration of the RouteUDP type for use
 // with apply.
+//
+// RouteUDP holds the UDP route configuration.
 type RouteUDPApplyConfiguration struct {
+	// Services defines the list of UDP services.
 	Services []ServiceUDPApplyConfiguration `json:"services,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/serverhealthcheck.go

@@ -33,18 +33,37 @@ import (
 // ServerHealthCheckApplyConfiguration represents a declarative configuration of the ServerHealthCheck type for use
 // with apply.
 type ServerHealthCheckApplyConfiguration struct {
-	Scheme            *string             `json:"scheme,omitempty"`
-	Mode              *string             `json:"mode,omitempty"`
-	Path              *string             `json:"path,omitempty"`
-	Method            *string             `json:"method,omitempty"`
-	Status            *int                `json:"status,omitempty"`
-	Port              *int                `json:"port,omitempty"`
-	Interval          *intstr.IntOrString `json:"interval,omitempty"`
+	// Scheme replaces the server URL scheme for the health check endpoint.
+	Scheme *string `json:"scheme,omitempty"`
+	// Mode defines the health check mode.
+	// If defined to grpc, will use the gRPC health check protocol to probe the server.
+	// Default: http
+	Mode *string `json:"mode,omitempty"`
+	// Path defines the server URL path for the health check endpoint.
+	Path *string `json:"path,omitempty"`
+	// Method defines the healthcheck method.
+	Method *string `json:"method,omitempty"`
+	// Status defines the expected HTTP status code of the response to the health check request.
+	Status *int `json:"status,omitempty"`
+	// Port defines the server URL port for the health check endpoint.
+	Port *int `json:"port,omitempty"`
+	// Interval defines the frequency of the health check calls for healthy targets.
+	// Default: 30s
+	Interval *intstr.IntOrString `json:"interval,omitempty"`
+	// UnhealthyInterval defines the frequency of the health check calls for unhealthy targets.
+	// When UnhealthyInterval is not defined, it defaults to the Interval value.
+	// Default: 30s
 	UnhealthyInterval *intstr.IntOrString `json:"unhealthyInterval,omitempty"`
-	Timeout           *intstr.IntOrString `json:"timeout,omitempty"`
-	Hostname          *string             `json:"hostname,omitempty"`
-	FollowRedirects   *bool               `json:"followRedirects,omitempty"`
-	Headers           map[string]string   `json:"headers,omitempty"`
+	// Timeout defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
+	// Default: 5s
+	Timeout *intstr.IntOrString `json:"timeout,omitempty"`
+	// Hostname defines the value of hostname in the Host header of the health check request.
+	Hostname *string `json:"hostname,omitempty"`
+	// FollowRedirects defines whether redirects should be followed during the health check calls.
+	// Default: true
+	FollowRedirects *bool `json:"followRedirects,omitempty"`
+	// Headers defines custom headers to be sent to the health check endpoint.
+	Headers map[string]string `json:"headers,omitempty"`
 }
 
 // ServerHealthCheckApplyConfiguration constructs a declarative configuration of the ServerHealthCheck type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/serverstransport.go

@@ -34,8 +34,15 @@ import (
 
 // ServersTransportApplyConfiguration represents a declarative configuration of the ServersTransport type for use
 // with apply.
+//
+// ServersTransport is the CRD implementation of a ServersTransport.
+// If no serversTransport is specified, the default@internal will be used.
+// The default@internal serversTransport is created from the static configuration.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/load-balancing/serverstransport/
 type ServersTransportApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *ServersTransportSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +57,7 @@ func ServersTransport(name, namespace string) *ServersTransportApplyConfiguratio
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b ServersTransportApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/serverstransportspec.go

@@ -32,20 +32,37 @@ import (
 
 // ServersTransportSpecApplyConfiguration represents a declarative configuration of the ServersTransportSpec type for use
 // with apply.
+//
+// ServersTransportSpec defines the desired state of a ServersTransport.
 type ServersTransportSpecApplyConfiguration struct {
-	ServerName          *string                               `json:"serverName,omitempty"`
-	InsecureSkipVerify  *bool                                 `json:"insecureSkipVerify,omitempty"`
-	RootCAs             []RootCAApplyConfiguration            `json:"rootCAs,omitempty"`
-	RootCAsSecrets      []string                              `json:"rootCAsSecrets,omitempty"`
-	CertificatesSecrets []string                              `json:"certificatesSecrets,omitempty"`
-	CipherSuites        []string                              `json:"cipherSuites,omitempty"`
-	MinVersion          *string                               `json:"minVersion,omitempty"`
-	MaxVersion          *string                               `json:"maxVersion,omitempty"`
-	MaxIdleConnsPerHost *int                                  `json:"maxIdleConnsPerHost,omitempty"`
-	ForwardingTimeouts  *ForwardingTimeoutsApplyConfiguration `json:"forwardingTimeouts,omitempty"`
-	DisableHTTP2        *bool                                 `json:"disableHTTP2,omitempty"`
-	PeerCertURI         *string                               `json:"peerCertURI,omitempty"`
-	Spiffe              *dynamic.Spiffe                       `json:"spiffe,omitempty"`
+	// ServerName defines the server name used to contact the server.
+	ServerName *string `json:"serverName,omitempty"`
+	// InsecureSkipVerify disables SSL certificate verification.
+	InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
+	// RootCAs defines a list of CA certificate Secrets or ConfigMaps used to validate server certificates.
+	RootCAs []RootCAApplyConfiguration `json:"rootCAs,omitempty"`
+	// RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
+	//
+	// Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
+	RootCAsSecrets []string `json:"rootCAsSecrets,omitempty"`
+	// CertificatesSecrets defines a list of secret storing client certificates for mTLS.
+	CertificatesSecrets []string `json:"certificatesSecrets,omitempty"`
+	// CipherSuites defines the cipher suites to use when contacting backend servers.
+	CipherSuites []string `json:"cipherSuites,omitempty"`
+	// MinVersion defines the minimum TLS version to use when contacting backend servers.
+	MinVersion *string `json:"minVersion,omitempty"`
+	// MaxVersion defines the maximum TLS version to use when contacting backend servers.
+	MaxVersion *string `json:"maxVersion,omitempty"`
+	// MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.
+	MaxIdleConnsPerHost *int `json:"maxIdleConnsPerHost,omitempty"`
+	// ForwardingTimeouts defines the timeouts for requests forwarded to the backend servers.
+	ForwardingTimeouts *ForwardingTimeoutsApplyConfiguration `json:"forwardingTimeouts,omitempty"`
+	// DisableHTTP2 disables HTTP/2 for connections with backend servers.
+	DisableHTTP2 *bool `json:"disableHTTP2,omitempty"`
+	// PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.
+	PeerCertURI *string `json:"peerCertURI,omitempty"`
+	// Spiffe defines the SPIFFE configuration.
+	Spiffe *dynamic.Spiffe `json:"spiffe,omitempty"`
 }
 
 // ServersTransportSpecApplyConfiguration constructs a declarative configuration of the ServersTransportSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/serverstransporttcp.go

@@ -34,8 +34,15 @@ import (
 
 // ServersTransportTCPApplyConfiguration represents a declarative configuration of the ServersTransportTCP type for use
 // with apply.
+//
+// ServersTransportTCP is the CRD implementation of a TCPServersTransport.
+// If no tcpServersTransport is specified, a default one named default@internal will be used.
+// The default@internal tcpServersTransport can be configured in the static configuration.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/serverstransport/
 type ServersTransportTCPApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *ServersTransportTCPSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +57,7 @@ func ServersTransportTCP(name, namespace string) *ServersTransportTCPApplyConfig
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b ServersTransportTCPApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/serverstransporttcpspec.go

@@ -33,12 +33,19 @@ import (
 
 // ServersTransportTCPSpecApplyConfiguration represents a declarative configuration of the ServersTransportTCPSpec type for use
 // with apply.
+//
+// ServersTransportTCPSpec defines the desired state of a ServersTransportTCP.
 type ServersTransportTCPSpecApplyConfiguration struct {
-	DialTimeout      *intstr.IntOrString                `json:"dialTimeout,omitempty"`
-	DialKeepAlive    *intstr.IntOrString                `json:"dialKeepAlive,omitempty"`
-	ProxyProtocol    *dynamic.ProxyProtocol             `json:"proxyProtocol,omitempty"`
-	TerminationDelay *intstr.IntOrString                `json:"terminationDelay,omitempty"`
-	TLS              *TLSClientConfigApplyConfiguration `json:"tls,omitempty"`
+	// DialTimeout is the amount of time to wait until a connection to a backend server can be established.
+	DialTimeout *intstr.IntOrString `json:"dialTimeout,omitempty"`
+	// DialKeepAlive is the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled.
+	DialKeepAlive *intstr.IntOrString `json:"dialKeepAlive,omitempty"`
+	// ProxyProtocol holds the PROXY Protocol configuration.
+	ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
+	// TerminationDelay defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability.
+	TerminationDelay *intstr.IntOrString `json:"terminationDelay,omitempty"`
+	// TLS defines the TLS configuration
+	TLS *TLSClientConfigApplyConfiguration `json:"tls,omitempty"`
 }
 
 // ServersTransportTCPSpecApplyConfiguration constructs a declarative configuration of the ServersTransportTCPSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/service.go

@@ -33,6 +33,8 @@ import (
 
 // ServiceApplyConfiguration represents a declarative configuration of the Service type for use
 // with apply.
+//
+// Service defines an upstream HTTP service to proxy traffic to.
 type ServiceApplyConfiguration struct {
 	LoadBalancerSpecApplyConfiguration `json:",inline"`
 }

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/servicetcp.go

@@ -33,17 +33,47 @@ import (
 
 // ServiceTCPApplyConfiguration represents a declarative configuration of the ServiceTCP type for use
 // with apply.
+//
+// ServiceTCP defines an upstream TCP service to proxy traffic to.
 type ServiceTCPApplyConfiguration struct {
-	Name             *string                `json:"name,omitempty"`
-	Namespace        *string                `json:"namespace,omitempty"`
-	Port             *intstr.IntOrString    `json:"port,omitempty"`
-	Weight           *int                   `json:"weight,omitempty"`
-	TerminationDelay *int                   `json:"terminationDelay,omitempty"`
-	ProxyProtocol    *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
-	ServersTransport *string                `json:"serversTransport,omitempty"`
-	TLS              *bool                  `json:"tls,omitempty"`
-	NativeLB         *bool                  `json:"nativeLB,omitempty"`
-	NodePortLB       *bool                  `json:"nodePortLB,omitempty"`
+	// Name defines the name of the referenced Kubernetes Service.
+	Name *string `json:"name,omitempty"`
+	// Namespace defines the namespace of the referenced Kubernetes Service.
+	Namespace *string `json:"namespace,omitempty"`
+	// Port defines the port of a Kubernetes Service.
+	// This can be a reference to a named port.
+	Port *intstr.IntOrString `json:"port,omitempty"`
+	// Weight defines the weight used when balancing requests between multiple Kubernetes Service.
+	Weight *int `json:"weight,omitempty"`
+	// TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates
+	// it has closed the writing capability of its connection, to close the reading capability as well,
+	// hence fully terminating the connection.
+	// It is a duration in milliseconds, defaulting to 100.
+	// A negative value means an infinite deadline (i.e. the reading capability is never closed).
+	//
+	// Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.
+	TerminationDelay *int `json:"terminationDelay,omitempty"`
+	// ProxyProtocol defines the PROXY protocol configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/service/#proxy-protocol
+	//
+	// Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
+	ProxyProtocol *dynamic.ProxyProtocol `json:"proxyProtocol,omitempty"`
+	// ServersTransport defines the name of ServersTransportTCP resource to use.
+	// It allows to configure the transport between Traefik and your servers.
+	// Can only be used on a Kubernetes Service.
+	ServersTransport *string `json:"serversTransport,omitempty"`
+	// TLS determines whether to use TLS when dialing with the backend.
+	TLS *bool `json:"tls,omitempty"`
+	// NativeLB controls, when creating the load-balancer,
+	// whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+	// The Kubernetes Service itself does load-balance to the pods.
+	// By default, NativeLB is false.
+	NativeLB *bool `json:"nativeLB,omitempty"`
+	// NodePortLB controls, when creating the load-balancer,
+	// whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.
+	// It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
+	// By default, NodePortLB is false.
+	NodePortLB *bool `json:"nodePortLB,omitempty"`
 }
 
 // ServiceTCPApplyConfiguration constructs a declarative configuration of the ServiceTCP type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/serviceudp.go

@@ -32,13 +32,28 @@ import (
 
 // ServiceUDPApplyConfiguration represents a declarative configuration of the ServiceUDP type for use
 // with apply.
+//
+// ServiceUDP defines an upstream UDP service to proxy traffic to.
 type ServiceUDPApplyConfiguration struct {
-	Name       *string             `json:"name,omitempty"`
-	Namespace  *string             `json:"namespace,omitempty"`
-	Port       *intstr.IntOrString `json:"port,omitempty"`
-	Weight     *int                `json:"weight,omitempty"`
-	NativeLB   *bool               `json:"nativeLB,omitempty"`
-	NodePortLB *bool               `json:"nodePortLB,omitempty"`
+	// Name defines the name of the referenced Kubernetes Service.
+	Name *string `json:"name,omitempty"`
+	// Namespace defines the namespace of the referenced Kubernetes Service.
+	Namespace *string `json:"namespace,omitempty"`
+	// Port defines the port of a Kubernetes Service.
+	// This can be a reference to a named port.
+	Port *intstr.IntOrString `json:"port,omitempty"`
+	// Weight defines the weight used when balancing requests between multiple Kubernetes Service.
+	Weight *int `json:"weight,omitempty"`
+	// NativeLB controls, when creating the load-balancer,
+	// whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP.
+	// The Kubernetes Service itself does load-balance to the pods.
+	// By default, NativeLB is false.
+	NativeLB *bool `json:"nativeLB,omitempty"`
+	// NodePortLB controls, when creating the load-balancer,
+	// whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort.
+	// It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.
+	// By default, NodePortLB is false.
+	NodePortLB *bool `json:"nodePortLB,omitempty"`
 }
 
 // ServiceUDPApplyConfiguration constructs a declarative configuration of the ServiceUDP type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tls.go

@@ -32,12 +32,26 @@ import (
 
 // TLSApplyConfiguration represents a declarative configuration of the TLS type for use
 // with apply.
+//
+// TLS holds the TLS configuration.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/tls/overview/
 type TLSApplyConfiguration struct {
-	SecretName   *string                         `json:"secretName,omitempty"`
-	Options      *TLSOptionRefApplyConfiguration `json:"options,omitempty"`
-	Store        *TLSStoreRefApplyConfiguration  `json:"store,omitempty"`
-	CertResolver *string                         `json:"certResolver,omitempty"`
-	Domains      []types.Domain                  `json:"domains,omitempty"`
+	// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
+	SecretName *string `json:"secretName,omitempty"`
+	// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+	// If not defined, the `default` TLSOption is used.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/tls/tls-options/
+	Options *TLSOptionRefApplyConfiguration `json:"options,omitempty"`
+	// Store defines the reference to the TLSStore, that will be used to store certificates.
+	// Please note that only `default` TLSStore can be used.
+	Store *TLSStoreRefApplyConfiguration `json:"store,omitempty"`
+	// CertResolver defines the name of the certificate resolver to use.
+	// Cert resolvers have to be configured in the static configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/install-configuration/tls/certificate-resolvers/acme/
+	CertResolver *string `json:"certResolver,omitempty"`
+	// Domains defines the list of domains that will be used to issue certificates.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/tls/tls-certificates/#domains
+	Domains []types.Domain `json:"domains,omitempty"`
 }
 
 // TLSApplyConfiguration constructs a declarative configuration of the TLS type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tlsclientconfig.go

@@ -32,14 +32,26 @@ import (
 
 // TLSClientConfigApplyConfiguration represents a declarative configuration of the TLSClientConfig type for use
 // with apply.
+//
+// TLSClientConfig defines the desired state of a TLSClientConfig.
 type TLSClientConfigApplyConfiguration struct {
-	ServerName          *string                    `json:"serverName,omitempty"`
-	InsecureSkipVerify  *bool                      `json:"insecureSkipVerify,omitempty"`
-	RootCAs             []RootCAApplyConfiguration `json:"rootCAs,omitempty"`
-	RootCAsSecrets      []string                   `json:"rootCAsSecrets,omitempty"`
-	CertificatesSecrets []string                   `json:"certificatesSecrets,omitempty"`
-	PeerCertURI         *string                    `json:"peerCertURI,omitempty"`
-	Spiffe              *dynamic.Spiffe            `json:"spiffe,omitempty"`
+	// ServerName defines the server name used to contact the server.
+	ServerName *string `json:"serverName,omitempty"`
+	// InsecureSkipVerify disables TLS certificate verification.
+	InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
+	// RootCAs defines a list of CA certificate Secrets or ConfigMaps used to validate server certificates.
+	RootCAs []RootCAApplyConfiguration `json:"rootCAs,omitempty"`
+	// RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
+	//
+	// Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
+	RootCAsSecrets []string `json:"rootCAsSecrets,omitempty"`
+	// CertificatesSecrets defines a list of secret storing client certificates for mTLS.
+	CertificatesSecrets []string `json:"certificatesSecrets,omitempty"`
+	// MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host.
+	// PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification.
+	PeerCertURI *string `json:"peerCertURI,omitempty"`
+	// Spiffe defines the SPIFFE configuration.
+	Spiffe *dynamic.Spiffe `json:"spiffe,omitempty"`
 }
 
 // TLSClientConfigApplyConfiguration constructs a declarative configuration of the TLSClientConfig type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tlsoption.go

@@ -34,8 +34,13 @@ import (
 
 // TLSOptionApplyConfiguration represents a declarative configuration of the TLSOption type for use
 // with apply.
+//
+// TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
 type TLSOptionApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *TLSOptionSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +55,7 @@ func TLSOption(name, namespace string) *TLSOptionApplyConfiguration {
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b TLSOptionApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tlsoptionref.go

@@ -28,8 +28,14 @@ package v1alpha1
 
 // TLSOptionRefApplyConfiguration represents a declarative configuration of the TLSOptionRef type for use
 // with apply.
+//
+// TLSOptionRef is a reference to a TLSOption resource.
 type TLSOptionRefApplyConfiguration struct {
-	Name      *string `json:"name,omitempty"`
+	// Name defines the name of the referenced TLSOption.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/kubernetes/crd/http/tlsoption/
+	Name *string `json:"name,omitempty"`
+	// Namespace defines the namespace of the referenced TLSOption.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/kubernetes/crd/http/tlsoption/
 	Namespace *string `json:"namespace,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tlsoptionspec.go

@@ -28,16 +28,37 @@ package v1alpha1
 
 // TLSOptionSpecApplyConfiguration represents a declarative configuration of the TLSOptionSpec type for use
 // with apply.
+//
+// TLSOptionSpec defines the desired state of a TLSOption.
 type TLSOptionSpecApplyConfiguration struct {
-	MinVersion               *string                       `json:"minVersion,omitempty"`
-	MaxVersion               *string                       `json:"maxVersion,omitempty"`
-	CipherSuites             []string                      `json:"cipherSuites,omitempty"`
-	CurvePreferences         []string                      `json:"curvePreferences,omitempty"`
-	ClientAuth               *ClientAuthApplyConfiguration `json:"clientAuth,omitempty"`
-	SniStrict                *bool                         `json:"sniStrict,omitempty"`
-	ALPNProtocols            []string                      `json:"alpnProtocols,omitempty"`
-	DisableSessionTickets    *bool                         `json:"disableSessionTickets,omitempty"`
-	PreferServerCipherSuites *bool                         `json:"preferServerCipherSuites,omitempty"`
+	// MinVersion defines the minimum TLS version that Traefik will accept.
+	// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+	// Default: VersionTLS10.
+	MinVersion *string `json:"minVersion,omitempty"`
+	// MaxVersion defines the maximum TLS version that Traefik will accept.
+	// Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
+	// Default: None.
+	MaxVersion *string `json:"maxVersion,omitempty"`
+	// CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
+	CipherSuites []string `json:"cipherSuites,omitempty"`
+	// CurvePreferences defines the preferred elliptic curves.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
+	CurvePreferences []string `json:"curvePreferences,omitempty"`
+	// ClientAuth defines the server's policy for TLS Client Authentication.
+	ClientAuth *ClientAuthApplyConfiguration `json:"clientAuth,omitempty"`
+	// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
+	SniStrict *bool `json:"sniStrict,omitempty"`
+	// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
+	ALPNProtocols []string `json:"alpnProtocols,omitempty"`
+	// DisableSessionTickets disables TLS session resumption via session tickets.
+	DisableSessionTickets *bool `json:"disableSessionTickets,omitempty"`
+	// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
+	// It is enabled automatically when minVersion or maxVersion is set.
+	//
+	// Deprecated: https://github.com/golang/go/issues/45430
+	PreferServerCipherSuites *bool `json:"preferServerCipherSuites,omitempty"`
 }
 
 // TLSOptionSpecApplyConfiguration constructs a declarative configuration of the TLSOptionSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tlsstore.go

@@ -34,8 +34,15 @@ import (
 
 // TLSStoreApplyConfiguration represents a declarative configuration of the TLSStore type for use
 // with apply.
+//
+// TLSStore is the CRD implementation of a Traefik TLS Store.
+// For the time being, only the TLSStore named default is supported.
+// This means that you cannot have two stores that are named default in different Kubernetes namespaces.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
 type TLSStoreApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *TLSStoreSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +57,7 @@ func TLSStore(name, namespace string) *TLSStoreApplyConfiguration {
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b TLSStoreApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tlsstoreref.go

@@ -28,8 +28,14 @@ package v1alpha1
 
 // TLSStoreRefApplyConfiguration represents a declarative configuration of the TLSStoreRef type for use
 // with apply.
+//
+// TLSStoreRef is a reference to a TLSStore resource.
 type TLSStoreRefApplyConfiguration struct {
-	Name      *string `json:"name,omitempty"`
+	// Name defines the name of the referenced TLSStore.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/kubernetes/crd/http/tlsstore/
+	Name *string `json:"name,omitempty"`
+	// Namespace defines the namespace of the referenced TLSStore.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/kubernetes/crd/http/tlsstore/
 	Namespace *string `json:"namespace,omitempty"`
 }
 

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tlsstorespec.go

@@ -32,10 +32,15 @@ import (
 
 // TLSStoreSpecApplyConfiguration represents a declarative configuration of the TLSStoreSpec type for use
 // with apply.
+//
+// TLSStoreSpec defines the desired state of a TLSStore.
 type TLSStoreSpecApplyConfiguration struct {
-	DefaultCertificate   *CertificateApplyConfiguration  `json:"defaultCertificate,omitempty"`
-	DefaultGeneratedCert *tls.GeneratedCert              `json:"defaultGeneratedCert,omitempty"`
-	Certificates         []CertificateApplyConfiguration `json:"certificates,omitempty"`
+	// DefaultCertificate defines the default certificate configuration.
+	DefaultCertificate *CertificateApplyConfiguration `json:"defaultCertificate,omitempty"`
+	// DefaultGeneratedCert defines the default generated certificate configuration.
+	DefaultGeneratedCert *tls.GeneratedCert `json:"defaultGeneratedCert,omitempty"`
+	// Certificates is a list of secret names, each secret holding a key/certificate pair to add to the store.
+	Certificates []CertificateApplyConfiguration `json:"certificates,omitempty"`
 }
 
 // TLSStoreSpecApplyConfiguration constructs a declarative configuration of the TLSStoreSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/tlstcp.go

@@ -32,13 +32,28 @@ import (
 
 // TLSTCPApplyConfiguration represents a declarative configuration of the TLSTCP type for use
 // with apply.
+//
+// TLSTCP holds the TLS configuration for an IngressRouteTCP.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/tls/
 type TLSTCPApplyConfiguration struct {
-	SecretName   *string                            `json:"secretName,omitempty"`
-	Passthrough  *bool                              `json:"passthrough,omitempty"`
-	Options      *ObjectReferenceApplyConfiguration `json:"options,omitempty"`
-	Store        *ObjectReferenceApplyConfiguration `json:"store,omitempty"`
-	CertResolver *string                            `json:"certResolver,omitempty"`
-	Domains      []types.Domain                     `json:"domains,omitempty"`
+	// SecretName is the name of the referenced Kubernetes Secret to specify the certificate details.
+	SecretName *string `json:"secretName,omitempty"`
+	// Passthrough defines whether a TLS router will terminate the TLS connection.
+	Passthrough *bool `json:"passthrough,omitempty"`
+	// Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
+	// If not defined, the `default` TLSOption is used.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/tls/#tls-options
+	Options *ObjectReferenceApplyConfiguration `json:"options,omitempty"`
+	// Store defines the reference to the TLSStore, that will be used to store certificates.
+	// Please note that only `default` TLSStore can be used.
+	Store *ObjectReferenceApplyConfiguration `json:"store,omitempty"`
+	// CertResolver defines the name of the certificate resolver to use.
+	// Cert resolvers have to be configured in the static configuration.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/install-configuration/tls/certificate-resolvers/acme/
+	CertResolver *string `json:"certResolver,omitempty"`
+	// Domains defines the list of domains that will be used to issue certificates.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/tcp/tls/#domains
+	Domains []types.Domain `json:"domains,omitempty"`
 }
 
 // TLSTCPApplyConfiguration constructs a declarative configuration of the TLSTCP type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/traefikservice.go

@@ -34,8 +34,16 @@ import (
 
 // TraefikServiceApplyConfiguration represents a declarative configuration of the TraefikService type for use
 // with apply.
+//
+// TraefikService is the CRD implementation of a Traefik Service.
+// TraefikService object allows to:
+// - Apply weight to Services on load-balancing
+// - Mirror traffic on services
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/kubernetes/crd/http/traefikservice/
 type TraefikServiceApplyConfiguration struct {
-	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	v1.TypeMetaApplyConfiguration `json:",inline"`
+	// Standard object's metadata.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
 	Spec                             *TraefikServiceSpecApplyConfiguration `json:"spec,omitempty"`
 }
@@ -50,6 +58,7 @@ func TraefikService(name, namespace string) *TraefikServiceApplyConfiguration {
 	b.WithAPIVersion("traefik.io/v1alpha1")
 	return b
 }
+
 func (b TraefikServiceApplyConfiguration) IsApplyConfiguration() {}
 
 // WithKind sets the Kind field in the declarative configuration to the given value

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/traefikservicespec.go

@@ -28,11 +28,17 @@ package v1alpha1
 
 // TraefikServiceSpecApplyConfiguration represents a declarative configuration of the TraefikServiceSpec type for use
 // with apply.
+//
+// TraefikServiceSpec defines the desired state of a TraefikService.
 type TraefikServiceSpecApplyConfiguration struct {
-	Weighted            *WeightedRoundRobinApplyConfiguration  `json:"weighted,omitempty"`
-	Mirroring           *MirroringApplyConfiguration           `json:"mirroring,omitempty"`
+	// Weighted defines the Weighted Round Robin configuration.
+	Weighted *WeightedRoundRobinApplyConfiguration `json:"weighted,omitempty"`
+	// Mirroring defines the Mirroring service configuration.
+	Mirroring *MirroringApplyConfiguration `json:"mirroring,omitempty"`
+	// HighestRandomWeight defines the highest random weight service configuration.
 	HighestRandomWeight *HighestRandomWeightApplyConfiguration `json:"highestRandomWeight,omitempty"`
-	Failover            *FailoverApplyConfiguration            `json:"failover,omitempty"`
+	// Failover defines the Failover service configuration.
+	Failover *FailoverApplyConfiguration `json:"failover,omitempty"`
 }
 
 // TraefikServiceSpecApplyConfiguration constructs a declarative configuration of the TraefikServiceSpec type for use with

pkg/provider/kubernetes/crd/generated/applyconfiguration/traefikio/v1alpha1/weightedroundrobin.go

@@ -32,9 +32,15 @@ import (
 
 // WeightedRoundRobinApplyConfiguration represents a declarative configuration of the WeightedRoundRobin type for use
 // with apply.
+//
+// WeightedRoundRobin holds the weighted round-robin configuration.
+// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/http/load-balancing/service/#weighted-round-robin-wrr
 type WeightedRoundRobinApplyConfiguration struct {
+	// Services defines the list of Kubernetes Service and/or TraefikService to load-balance, with weight.
 	Services []ServiceApplyConfiguration `json:"services,omitempty"`
-	Sticky   *dynamic.Sticky             `json:"sticky,omitempty"`
+	// Sticky defines whether sticky sessions are enabled.
+	// More info: https://doc.traefik.io/traefik/v3.7/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
+	Sticky *dynamic.Sticky `json:"sticky,omitempty"`
 }
 
 // WeightedRoundRobinApplyConfiguration constructs a declarative configuration of the WeightedRoundRobin type for use with

pkg/provider/kubernetes/crd/generated/clientset/versioned/fake/clientset_generated.go

@@ -44,7 +44,7 @@ import (
 // without applying any field management, validations and/or defaults. It shouldn't be considered a replacement
 // for a real clientset and is mostly useful in simple unit tests.
 //
-// DEPRECATED: NewClientset replaces this with support for field management, which significantly improves
+// Deprecated: NewClientset replaces this with support for field management, which significantly improves
 // server side apply testing. NewClientset is only available when apply configurations are generated (e.g.
 // via --with-applyconfig).
 func NewSimpleClientset(objects ...runtime.Object) *Clientset {
@@ -60,8 +60,8 @@ func NewSimpleClientset(objects ...runtime.Object) *Clientset {
 	cs.AddReactor("*", "*", testing.ObjectReaction(o))
 	cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) {
 		var opts metav1.ListOptions
-		if watchActcion, ok := action.(testing.WatchActionImpl); ok {
-			opts = watchActcion.ListOptions
+		if watchAction, ok := action.(testing.WatchActionImpl); ok {
+			opts = watchAction.ListOptions
 		}
 		gvr := action.GetResource()
 		ns := action.GetNamespace()
@@ -92,6 +92,17 @@ func (c *Clientset) Tracker() testing.ObjectTracker {
 	return c.tracker
 }
 
+// IsWatchListSemanticsSupported informs the reflector that this client
+// doesn't support WatchList semantics.
+//
+// This is a synthetic method whose sole purpose is to satisfy the optional
+// interface check performed by the reflector.
+// Returning true signals that WatchList can NOT be used.
+// No additional logic is implemented here.
+func (c *Clientset) IsWatchListSemanticsUnSupported() bool {
+	return true
+}
+
 // NewClientset returns a clientset that will respond with the provided objects.
 // It's backed by a very simple object tracker that processes creates, updates and deletions as-is,
 // without applying any validations and/or defaults. It shouldn't be considered a replacement

pkg/provider/kubernetes/crd/generated/informers/externalversions/factory.go

@@ -105,6 +105,7 @@ func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Dur
 // NewFilteredSharedInformerFactory constructs a new instance of sharedInformerFactory.
 // Listers obtained via this SharedInformerFactory will be subject to the same filters
 // as specified here.
+//
 // Deprecated: Please use NewSharedInformerFactoryWithOptions instead
 func NewFilteredSharedInformerFactory(client versioned.Interface, defaultResync time.Duration, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) SharedInformerFactory {
 	return NewSharedInformerFactoryWithOptions(client, defaultResync, WithNamespace(namespace), WithTweakListOptions(tweakListOptions))
@@ -212,7 +213,7 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
 //
 // It is typically used like this:
 //
-//	ctx, cancel := context.Background()
+//	ctx, cancel := context.WithCancel(context.Background())
 //	defer cancel()
 //	factory := NewSharedInformerFactory(client, resyncPeriod)
 //	defer factory.WaitForStop()    // Returns immediately if nothing was started.

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroute.go

@@ -65,7 +65,7 @@ func NewIngressRouteInformer(client versioned.Interface, namespace string, resyn
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredIngressRouteInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredIngressRouteInformer(client versioned.Interface, namespace strin
 				}
 				return client.TraefikV1alpha1().IngressRoutes(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.IngressRoute{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressroutetcp.go

@@ -65,7 +65,7 @@ func NewIngressRouteTCPInformer(client versioned.Interface, namespace string, re
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredIngressRouteTCPInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredIngressRouteTCPInformer(client versioned.Interface, namespace st
 				}
 				return client.TraefikV1alpha1().IngressRouteTCPs(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.IngressRouteTCP{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/ingressrouteudp.go

@@ -65,7 +65,7 @@ func NewIngressRouteUDPInformer(client versioned.Interface, namespace string, re
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredIngressRouteUDPInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredIngressRouteUDPInformer(client versioned.Interface, namespace st
 				}
 				return client.TraefikV1alpha1().IngressRouteUDPs(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.IngressRouteUDP{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middleware.go

@@ -65,7 +65,7 @@ func NewMiddlewareInformer(client versioned.Interface, namespace string, resyncP
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredMiddlewareInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredMiddlewareInformer(client versioned.Interface, namespace string,
 				}
 				return client.TraefikV1alpha1().Middlewares(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.Middleware{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/middlewaretcp.go

@@ -65,7 +65,7 @@ func NewMiddlewareTCPInformer(client versioned.Interface, namespace string, resy
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredMiddlewareTCPInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredMiddlewareTCPInformer(client versioned.Interface, namespace stri
 				}
 				return client.TraefikV1alpha1().MiddlewareTCPs(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.MiddlewareTCP{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransport.go

@@ -65,7 +65,7 @@ func NewServersTransportInformer(client versioned.Interface, namespace string, r
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredServersTransportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredServersTransportInformer(client versioned.Interface, namespace s
 				}
 				return client.TraefikV1alpha1().ServersTransports(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.ServersTransport{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/serverstransporttcp.go

@@ -65,7 +65,7 @@ func NewServersTransportTCPInformer(client versioned.Interface, namespace string
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredServersTransportTCPInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredServersTransportTCPInformer(client versioned.Interface, namespac
 				}
 				return client.TraefikV1alpha1().ServersTransportTCPs(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.ServersTransportTCP{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsoption.go

@@ -65,7 +65,7 @@ func NewTLSOptionInformer(client versioned.Interface, namespace string, resyncPe
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredTLSOptionInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredTLSOptionInformer(client versioned.Interface, namespace string,
 				}
 				return client.TraefikV1alpha1().TLSOptions(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.TLSOption{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/tlsstore.go

@@ -65,7 +65,7 @@ func NewTLSStoreInformer(client versioned.Interface, namespace string, resyncPer
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredTLSStoreInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredTLSStoreInformer(client versioned.Interface, namespace string, r
 				}
 				return client.TraefikV1alpha1().TLSStores(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.TLSStore{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/crd/generated/informers/externalversions/traefikio/v1alpha1/traefikservice.go

@@ -65,7 +65,7 @@ func NewTraefikServiceInformer(client versioned.Interface, namespace string, res
 // one. This reduces memory footprint and number of connections to the server.
 func NewFilteredTraefikServiceInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
-		&cache.ListWatch{
+		cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
@@ -90,7 +90,7 @@ func NewFilteredTraefikServiceInformer(client versioned.Interface, namespace str
 				}
 				return client.TraefikV1alpha1().TraefikServices(namespace).Watch(ctx, options)
 			},
-		},
+		}, client),
 		&crdtraefikiov1alpha1.TraefikService{},
 		resyncPeriod,
 		indexers,

pkg/provider/kubernetes/gateway/client.go

@@ -194,15 +194,16 @@ func (c *clientWrapper) WatchAll(namespaces []string, stopCh <-chan struct{}) (<
 			return nil, err
 		}
 
+		_, err = factoryGateway.Gateway().V1().TLSRoutes().Informer().AddEventHandler(eventHandler)
+		if err != nil {
+			return nil, err
+		}
+
 		if c.experimentalChannel {
 			_, err = factoryGateway.Gateway().V1alpha2().TCPRoutes().Informer().AddEventHandler(eventHandler)
 			if err != nil {
 				return nil, err
 			}
-			_, err = factoryGateway.Gateway().V1alpha2().TLSRoutes().Informer().AddEventHandler(eventHandler)
-			if err != nil {
-				return nil, err
-			}
 		}
 
 		factorySecret := kinformers.NewSharedInformerFactoryWithOptions(c.csKube, resyncPeriod, kinformers.WithNamespace(ns), kinformers.WithTweakListOptions(notOwnedByHelm))
@@ -319,10 +320,10 @@ func (c *clientWrapper) ListTCPRoutes() ([]*gatev1alpha2.TCPRoute, error) {
 	return tcpRoutes, nil
 }
 
-func (c *clientWrapper) ListTLSRoutes() ([]*gatev1alpha2.TLSRoute, error) {
-	var tlsRoutes []*gatev1alpha2.TLSRoute
+func (c *clientWrapper) ListTLSRoutes() ([]*gatev1.TLSRoute, error) {
+	var tlsRoutes []*gatev1.TLSRoute
 	for _, namespace := range c.watchedNamespaces {
-		routes, err := c.factoriesGateway[c.lookupNamespace(namespace)].Gateway().V1alpha2().TLSRoutes().Lister().TLSRoutes(namespace).List(labels.Everything())
+		routes, err := c.factoriesGateway[c.lookupNamespace(namespace)].Gateway().V1().TLSRoutes().Lister().TLSRoutes(namespace).List(labels.Everything())
 		if err != nil {
 			return nil, fmt.Errorf("listing TLS routes in namespace %s", namespace)
 		}
@@ -650,13 +651,13 @@ func (c *clientWrapper) UpdateTCPRouteStatus(ctx context.Context, route ktypes.N
 	return nil
 }
 
-func (c *clientWrapper) UpdateTLSRouteStatus(ctx context.Context, route ktypes.NamespacedName, status gatev1alpha2.TLSRouteStatus) error {
+func (c *clientWrapper) UpdateTLSRouteStatus(ctx context.Context, route ktypes.NamespacedName, status gatev1.TLSRouteStatus) error {
 	if !c.isWatchedNamespace(route.Namespace) {
 		return fmt.Errorf("updating TLSRoute status %s/%s: namespace is not within watched namespaces", route.Namespace, route.Name)
 	}
 
 	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
-		currentRoute, err := c.factoriesGateway[c.lookupNamespace(route.Namespace)].Gateway().V1alpha2().TLSRoutes().Lister().TLSRoutes(route.Namespace).Get(route.Name)
+		currentRoute, err := c.factoriesGateway[c.lookupNamespace(route.Namespace)].Gateway().V1().TLSRoutes().Lister().TLSRoutes(route.Namespace).Get(route.Name)
 		if err != nil {
 			// We have to return err itself here (not wrapped inside another error)
 			// so that RetryOnConflict can identify it correctly.
@@ -680,13 +681,13 @@ func (c *clientWrapper) UpdateTLSRouteStatus(ctx context.Context, route ktypes.N
 		}
 
 		currentRoute = currentRoute.DeepCopy()
-		currentRoute.Status = gatev1alpha2.TLSRouteStatus{
+		currentRoute.Status = gatev1.TLSRouteStatus{
 			RouteStatus: gatev1.RouteStatus{
 				Parents: parentStatuses,
 			},
 		}
 
-		if _, err = c.csGateway.GatewayV1alpha2().TLSRoutes(route.Namespace).UpdateStatus(ctx, currentRoute, metav1.UpdateOptions{}); err != nil {
+		if _, err = c.csGateway.GatewayV1().TLSRoutes(route.Namespace).UpdateStatus(ctx, currentRoute, metav1.UpdateOptions{}); err != nil {
 			// We have to return err itself here (not wrapped inside another error)
 			// so that RetryOnConflict can identify it correctly.
 			return err
@@ -814,13 +815,13 @@ func policyAncestorStatusEqual(sA, sB gatev1.PolicyAncestorStatus) bool {
 		conditionsEqual(sA.Conditions, sB.Conditions)
 }
 
-func routeParentStatusesEqual(routeParentStatusesA, routeParentStatusesB []gatev1alpha2.RouteParentStatus) bool {
+func routeParentStatusesEqual(routeParentStatusesA, routeParentStatusesB []gatev1.RouteParentStatus) bool {
 	if len(routeParentStatusesA) != len(routeParentStatusesB) {
 		return false
 	}
 
 	for _, sA := range routeParentStatusesA {
-		if !slices.ContainsFunc(routeParentStatusesB, func(sB gatev1alpha2.RouteParentStatus) bool {
+		if !slices.ContainsFunc(routeParentStatusesB, func(sB gatev1.RouteParentStatus) bool {
 			return routeParentStatusEqual(sB, sA)
 		}) {
 			return false
@@ -828,7 +829,7 @@ func routeParentStatusesEqual(routeParentStatusesA, routeParentStatusesB []gatev
 	}
 
 	for _, sB := range routeParentStatusesB {
-		if !slices.ContainsFunc(routeParentStatusesA, func(sA gatev1alpha2.RouteParentStatus) bool {
+		if !slices.ContainsFunc(routeParentStatusesA, func(sA gatev1.RouteParentStatus) bool {
 			return routeParentStatusEqual(sA, sB)
 		}) {
 			return false
@@ -838,7 +839,7 @@ func routeParentStatusesEqual(routeParentStatusesA, routeParentStatusesB []gatev
 	return true
 }
 
-func routeParentStatusEqual(sA, sB gatev1alpha2.RouteParentStatus) bool {
+func routeParentStatusEqual(sA, sB gatev1.RouteParentStatus) bool {
 	return sA.ControllerName == sB.ControllerName &&
 		reflect.DeepEqual(sA.ParentRef, sB.ParentRef) &&
 		conditionsEqual(sA.Conditions, sB.Conditions)

pkg/provider/kubernetes/gateway/features.go

@@ -16,7 +16,8 @@ var SupportedFeatures = sync.OnceValue(func() []features.FeatureName {
 		Insert(features.ReferenceGrantCoreFeatures.UnsortedList()...).
 		Insert(features.BackendTLSPolicyCoreFeatures.UnsortedList()...).
 		Insert(features.GRPCRouteCoreFeatures.UnsortedList()...).
-		Insert(features.TLSRouteCoreFeatures.UnsortedList()...)
+		Insert(features.TLSRouteCoreFeatures.UnsortedList()...).
+		Insert(features.TLSRouteExtendedFeatures.Intersection(extendedTLSRouteFeatures()).UnsortedList()...)
 
 	featureNames := make([]features.FeatureName, 0, featureSet.Len())
 	for f := range featureSet {
@@ -30,6 +31,14 @@ func extendedGatewayFeatures() sets.Set[features.Feature] {
 	return sets.New(features.GatewayPort8080Feature)
 }
 
+// extendedTLSRouteFeatures returns the supported extended TLS Route features.
+func extendedTLSRouteFeatures() sets.Set[features.Feature] {
+	return sets.New(
+		features.TLSRouteModeTerminateFeature,
+		features.TLSRouteModeMixedFeature,
+	)
+}
+
 // extendedHTTPRouteFeatures returns the supported extended HTTP Route features.
 func extendedHTTPRouteFeatures() sets.Set[features.Feature] {
 	return sets.New(

pkg/provider/kubernetes/gateway/fixtures/mixed/simple.yml

@@ -148,7 +148,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-1
   namespace: default

pkg/provider/kubernetes/gateway/fixtures/mixed/with_core_group.yml

@@ -121,7 +121,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-default
   namespace: default

pkg/provider/kubernetes/gateway/fixtures/mixed/with_multiple_listeners_using_same_hostname_port_protocol.yml

@@ -166,7 +166,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-1
   namespace: default

pkg/provider/kubernetes/gateway/fixtures/mixed/with_namespace_all.yml

@@ -144,7 +144,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-default
   namespace: default
@@ -220,7 +220,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-bar
   namespace: bar

pkg/provider/kubernetes/gateway/fixtures/mixed/with_namespace_same.yml

@@ -144,7 +144,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-default
   namespace: default
@@ -220,7 +220,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-bar
   namespace: bar

pkg/provider/kubernetes/gateway/fixtures/mixed/with_namespace_selector.yml

@@ -167,7 +167,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-default
   namespace: default
@@ -243,7 +243,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-bar
   namespace: bar

pkg/provider/kubernetes/gateway/fixtures/mixed/with_wrong_routes_selector.yml

@@ -50,7 +50,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-1
   namespace: default

pkg/provider/kubernetes/gateway/fixtures/tlsroute/simple_TLS_to_TLSRoute.yml

@@ -42,7 +42,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-1
   namespace: default

pkg/provider/kubernetes/gateway/fixtures/tlsroute/simple_nativelb.yml

@@ -42,7 +42,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-1
   namespace: default

pkg/provider/kubernetes/gateway/fixtures/tlsroute/with_SNI_matching.yml

@@ -30,7 +30,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-1
   namespace: default

pkg/provider/kubernetes/gateway/fixtures/tlsroute/with_multiple_SNI_matching.yml

@@ -30,7 +30,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-1
   namespace: default

pkg/provider/kubernetes/gateway/fixtures/tlsroute/with_multiple_routes_kind.yml

@@ -76,7 +76,7 @@ spec:
 
 ---
 kind: TLSRoute
-apiVersion: gateway.networking.k8s.io/v1alpha2
+apiVersion: gateway.networking.k8s.io/v1
 metadata:
   name: tls-app-1
   namespace: default