Merge current v2.4 into v2.5

docs/content/getting-started/faq.md

@@ -124,3 +124,16 @@ http:
     If there is a need for a response code other than a `503` and/or a custom message,
     the principle of the above example above (a catchall router) still stands,
     but the `unavailable` service should be adapted to fit such a need.
+
+## Why Is My TLS Certificate Not Reloaded When Its Contents Change ? 
+
+With the file provider,
+a configuration update is only triggered when one of the [watched](../providers/file.md#provider-configuration) configuration files is modified.
+
+Which is why, when a certificate is defined by path,
+and the actual contents of this certificate change,
+a configuration update is _not_ triggered.
+
+To take into account the new certificate contents, the update of the dynamic configuration must be forced.
+One way to achieve that, is to trigger a file notification,
+for example, by using the `touch` command on the configuration file.

docs/content/migration/v2.md

@@ -365,6 +365,17 @@ For more information, please read the [HTTP routers rule](../routing/routers/ind
 
 In `v2.4.9`, we changed span error to log only server errors (>= 500).
 
+## v2.4.9 to v2.4.10
+
+### K8S CrossNamespace
+
+In `v2.4.10`, the default value for `allowCrossNamespace` has been changed to `false`.
+
+### K8S ExternalName Service
+
+In `v2.4.10`, by default, it is no longer authorized to reference Kubernetes ExternalName services.
+To allow it, the `allowExternalNameServices` option should be set to `true`.
+
 ## v2.4 to v2.5
 
 ### Kubernetes CRD

docs/content/providers/kubernetes-crd.md

@@ -266,29 +266,48 @@ providers:
 
 ### `allowCrossNamespace`
 
-_Optional, Default: true_
+_Optional, Default: false_
 
-If the parameter is set to `false`, IngressRoutes are not able to reference any resources in other namespaces than theirs.
-
-!!! warning "Deprecation"
-
-    Please note that the default value for this option will be set to `false` in a future version.
+If the parameter is set to `true`, IngressRoutes are  able to reference  resources in other namespaces than theirs.
 
 ```yaml tab="File (YAML)"
 providers:
   kubernetesCRD:
-    allowCrossNamespace: false
+    allowCrossNamespace: true
     # ...
 ```
 
 ```toml tab="File (TOML)"
 [providers.kubernetesCRD]
-  allowCrossNamespace = false
+  allowCrossNamespace = true
   # ...
 ```
 
 ```bash tab="CLI"
---providers.kubernetescrd.allowCrossNamespace=false
+--providers.kubernetescrd.allowCrossNamespace=true
+```
+
+### `allowExternalNameServices`
+
+_Optional, Default: false_
+
+If the parameter is set to `true`, IngressRoutes are able to reference ExternalName services.
+
+```yaml tab="File (YAML)"
+providers:
+  kubernetesCRD:
+    allowExternalNameServices: true
+    # ...
+```
+
+```toml tab="File (TOML)"
+[providers.kubernetesCRD]
+  allowExternalNameServices = true
+  # ...
+```
+
+```bash tab="CLI"
+--providers.kubernetescrd.allowexternalnameservices=true
 ```
 
 ## Full Example

docs/content/providers/kubernetes-ingress.md

@@ -464,6 +464,29 @@ providers:
 Allow the creation of services if there are no endpoints available.
 This results in `503` http responses instead of `404`.
 
+### `allowExternalNameServices`
+
+_Optional, Default: false_
+
+If the parameter is set to `true`, Ingresses are able to reference ExternalName services.
+
+```yaml tab="File (YAML)"
+providers:
+  kubernetesIngress:
+    allowExternalNameServices: true
+    # ...
+```
+
+```toml tab="File (TOML)"
+[providers.kubernetesIngress]
+  allowExternalNameServices = true
+  # ...
+```
+
+```bash tab="CLI"
+--providers.kubernetesingress.allowexternalnameservices=true
+```
+
 ### Further
 
 To learn more about the various aspects of the Ingress specification that Traefik supports,

docs/content/reference/static-configuration/cli-ref.md

@@ -577,7 +577,10 @@ TLS key
 Enable Kubernetes backend with default settings. (Default: ```false```)
 
 `--providers.kubernetescrd.allowcrossnamespace`:  
-Allow cross namespace resource reference. (Default: ```true```)
+Allow cross namespace resource reference. (Default: ```false```)
+
+`--providers.kubernetescrd.allowexternalnameservices`:  
+Allow ExternalName services. (Default: ```false```)
 
 `--providers.kubernetescrd.certauthfilepath`:  
 Kubernetes certificate authority file path (not needed for in-cluster client).
@@ -627,6 +630,9 @@ Enable Kubernetes backend with default settings. (Default: ```false```)
 `--providers.kubernetesingress.allowemptyservices`:  
 Allow creation of services without endpoints. (Default: ```false```)
 
+`--providers.kubernetesingress.allowexternalnameservices`:  
+Allow ExternalName services. (Default: ```false```)
+
 `--providers.kubernetesingress.certauthfilepath`:  
 Kubernetes certificate authority file path (not needed for in-cluster client).
 

docs/content/reference/static-configuration/env-ref.md

@@ -577,7 +577,10 @@ TLS key
 Enable Kubernetes backend with default settings. (Default: ```false```)
 
 `TRAEFIK_PROVIDERS_KUBERNETESCRD_ALLOWCROSSNAMESPACE`:  
-Allow cross namespace resource reference. (Default: ```true```)
+Allow cross namespace resource reference. (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_KUBERNETESCRD_ALLOWEXTERNALNAMESERVICES`:  
+Allow ExternalName services. (Default: ```false```)
 
 `TRAEFIK_PROVIDERS_KUBERNETESCRD_CERTAUTHFILEPATH`:  
 Kubernetes certificate authority file path (not needed for in-cluster client).
@@ -627,6 +630,9 @@ Enable Kubernetes backend with default settings. (Default: ```false```)
 `TRAEFIK_PROVIDERS_KUBERNETESINGRESS_ALLOWEMPTYSERVICES`:  
 Allow creation of services without endpoints. (Default: ```false```)
 
+`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_ALLOWEXTERNALNAMESERVICES`:  
+Allow ExternalName services. (Default: ```false```)
+
 `TRAEFIK_PROVIDERS_KUBERNETESINGRESS_CERTAUTHFILEPATH`:  
 Kubernetes certificate authority file path (not needed for in-cluster client).