diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4a93e24..1a352fe 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,7 +10,7 @@ permissions:
   contents: read
 
 env:
-  GO_VERSION: ~1.24.10
+  GO_VERSION: ~1.26.0
 
 jobs:
   basic:
@@ -43,7 +43,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v9
         with:
-          version: v2.6.2
+          version: v2.9.0
   ginkgo:
     name: unit-test
     runs-on: ubuntu-latest
@@ -53,9 +53,9 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
           cache: false
       - uses: actions/checkout@v6
-      - run: go run github.com/onsi/ginkgo/v2/ginkgo@v2.27.2 -r --randomize-all --randomize-suites --race --trace --fail-on-pending --keep-going --vet off --cover
+      - run: go run github.com/onsi/ginkgo/v2/ginkgo@v2.28.1 -r --randomize-all --randomize-suites --race --trace --fail-on-pending --keep-going --vet off --cover
       - run: cat coverprofile.out | grep -v "zz_generated." > coverprofile.out.filtered
-      - uses: coverallsapp/github-action@v2
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          path-to-lcov: coverprofile.out.filtered
\ No newline at end of file
+      #- uses: coverallsapp/github-action@v2
+      #  with:
+      #    github-token: ${{ secrets.GITHUB_TOKEN }}
+      #    path-to-lcov: coverprofile.out.filtered
\ No newline at end of file
diff --git a/Containerfile b/Containerfile
index 1d63f18..f62ab8d 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,4 +1,4 @@
-FROM golang:1.24.10-bookworm as builder
+FROM golang:1.26.0-bookworm as builder
 
 WORKDIR /workspace
 COPY . /workspace
diff --git a/Makefile b/Makefile
index dd08646..8718c3c 100644
--- a/Makefile
+++ b/Makefile
@@ -24,15 +24,15 @@ helm-test:
 
 CONTROLLER_GEN = bin/controller-gen
 controller-gen:
-	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.19.0)
+	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.20.1)
 
 GOLANGCI_LINT = ./bin/golangci-lint
 colanci-lint-bin:
-	$(call go-get-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.6.2)
+	$(call go-get-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.10.1)
 
 CRD_DOCS = bin/crd-ref-docs
 crd-docs-gen:
-	$(call go-get-tool,$(CRD_DOCS),github.com/elastic/crd-ref-docs@v0.2.0)
+	$(call go-get-tool,$(CRD_DOCS),github.com/elastic/crd-ref-docs@v0.3.0)
 
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 define go-get-tool
@@ -45,4 +45,4 @@ endef
 
 GINKGO = ./bin/ginkgo
 ginkgo-bin:
-	$(call go-get-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo@v2.27.2)
+	$(call go-get-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo@v2.28.1)
diff --git a/controllers/instance/instance_controller_test.go b/controllers/instance/instance_controller_test.go
index d785dc6..932418a 100644
--- a/controllers/instance/instance_controller_test.go
+++ b/controllers/instance/instance_controller_test.go
@@ -483,6 +483,7 @@ var _ = Describe("Reconcile", Label("controller"), func() {
 			Ω(cli.Get(ctx, client.ObjectKey{Namespace: proxy.Namespace, Name: utils.GetServiceName(proxy)}, service)).ShouldNot(HaveOccurred())
 			Ω(service.Spec.Type).Should(Equal(corev1.ServiceTypeLoadBalancer))
 			Ω(service.Annotations["service.beta.kubernetes.io/aws-load-balancer-scheme"]).Should(Equal("internet-facing"))
+			Ω(service.Spec.Selector["app.kubernetes.io/name"]).Should(Equal(proxy.Name + "-haproxy"))
 
 			secret := &corev1.Secret{}
 			Ω(cli.Get(ctx, client.ObjectKey{Namespace: proxy.Namespace, Name: "bar-foo-haproxy-config"}, secret)).ShouldNot(HaveOccurred())
diff --git a/controllers/instance/prometheus.go b/controllers/instance/prometheus.go
index 0aa766c..e296c47 100644
--- a/controllers/instance/prometheus.go
+++ b/controllers/instance/prometheus.go
@@ -8,6 +8,7 @@ import (
 	proxyv1alpha1 "github.com/six-group/haproxy-operator/apis/proxy/v1alpha1"
 	"github.com/six-group/haproxy-operator/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
@@ -45,7 +46,7 @@ func (r *Reconciler) reconcilePodMonitor(ctx context.Context, instance *proxyv1a
 				Path:           "/metrics",
 				RelabelConfigs: instance.Spec.Metrics.RelabelConfigs,
 				Interval:       instance.Spec.Metrics.Interval,
-				Scheme:         "http",
+				Scheme:         ptr.To(monitoringv1.SchemeHTTPS),
 			},
 		}
 
diff --git a/controllers/instance/service.go b/controllers/instance/service.go
index a44a227..18ef2e1 100644
--- a/controllers/instance/service.go
+++ b/controllers/instance/service.go
@@ -38,6 +38,7 @@ func (r *Reconciler) reconcileService(ctx context.Context, instance *proxyv1alph
 		}
 
 		service.Labels = utils.GetAppSelectorLabels(instance)
+		service.Spec.Selector = utils.GetAppSelectorLabels(instance)
 
 		if instance.Spec.Network.Service.Annotations != nil {
 			service.Annotations = instance.Spec.Network.Service.Annotations
diff --git a/docs/api-reference.md b/docs/api-reference.md
index 1c22427..b807143 100644
--- a/docs/api-reference.md
+++ b/docs/api-reference.md
@@ -87,27 +87,27 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `mode` _string_ | Mode can be either 'tcp' or 'http'. In TCP mode it is a layer 4 proxy. In HTTP mode it is a layer 7 proxy. | http | Enum: [http tcp] <br /> |
-| `httpResponse` _[HTTPResponseRules](#httpresponserules)_ | HTTPResponse rules define a set of rules which apply to layer 7 processing. |  |  |
-| `httpRequest` _[HTTPRequestRules](#httprequestrules)_ | HTTPRequest rules define a set of rules which apply to layer 7 processing. |  |  |
-| `tcpRequest` _[TCPRequestRule](#tcprequestrule) array_ | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. |  |  |
-| `acl` _[ACL](#acl) array_ | ACL (Access Control Lists) provides a flexible solution to perform<br />content switching and generally to take decisions based on content extracted<br />from the request, the response or any environmental status |  |  |
-| `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |  |  |
-| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  |  |
-| `forwardFor` _[Forwardfor](#forwardfor)_ | Forwardfor enable insertion of the X-Forwarded-For header to requests sent to servers |  |  |
-| `httpPretendKeepalive` _boolean_ | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. |  |  |
-| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  |  |
-| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  |  |
-| `checkTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | CheckTimeout sets an additional check timeout, but only after a connection has been already<br />established. |  |  |
+| `httpResponse` _[HTTPResponseRules](#httpresponserules)_ | HTTPResponse rules define a set of rules which apply to layer 7 processing. |  | Optional: \{\} <br /> |
+| `httpRequest` _[HTTPRequestRules](#httprequestrules)_ | HTTPRequest rules define a set of rules which apply to layer 7 processing. |  | Optional: \{\} <br /> |
+| `tcpRequest` _[TCPRequestRule](#tcprequestrule) array_ | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. |  | Optional: \{\} <br /> |
+| `acl` _[ACL](#acl) array_ | ACL (Access Control Lists) provides a flexible solution to perform<br />content switching and generally to take decisions based on content extracted<br />from the request, the response or any environmental status |  | Optional: \{\} <br /> |
+| `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |  | Optional: \{\} <br /> |
+| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  | Optional: \{\} <br /> |
+| `forwardFor` _[Forwardfor](#forwardfor)_ | Forwardfor enable insertion of the X-Forwarded-For header to requests sent to servers |  | Optional: \{\} <br /> |
+| `httpPretendKeepalive` _boolean_ | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. |  | Optional: \{\} <br /> |
+| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  | Optional: \{\} <br /> |
+| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  | Optional: \{\} <br /> |
+| `checkTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | CheckTimeout sets an additional check timeout, but only after a connection has been already<br />established. |  | Optional: \{\} <br /> |
 | `servers` _[Server](#server) array_ | Servers defines the backend servers and its configuration. |  |  |
 | `serverTemplates` _[ServerTemplate](#servertemplate) array_ | ServerTemplates defines the backend server templates and its configuration. |  |  |
-| `balance` _[Balance](#balance)_ | Balance defines the load balancing algorithm to be used in a backend. |  |  |
-| `hostRegex` _string_ | HostRegex specifies a regular expression used for backend switching rules. |  |  |
-| `hostCertificate` _[CertificateListElement](#certificatelistelement)_ | HostCertificate specifies a certificate for that host used in the crt-list of a frontend |  |  |
-| `redispatch` _boolean_ | Redispatch enable or disable session redistribution in case of connection failure |  |  |
-| `hashType` _[HashType](#hashtype)_ | HashType specifies a method to use for mapping hashes to servers |  |  |
-| `cookie` _[Cookie](#cookie)_ | Cookie enables cookie-based persistence in a backend. |  |  |
-| `httpchk` _[HTTPChk](#httpchk)_ | HTTPChk Enables HTTP protocol to check on the servers health |  |  |
-| `tcpCheck` _boolean_ | TCPCheck Perform health checks using tcp-check send/expect sequences |  |  |
+| `balance` _[Balance](#balance)_ | Balance defines the load balancing algorithm to be used in a backend. |  | Optional: \{\} <br /> |
+| `hostRegex` _string_ | HostRegex specifies a regular expression used for backend switching rules. |  | Optional: \{\} <br /> |
+| `hostCertificate` _[CertificateListElement](#certificatelistelement)_ | HostCertificate specifies a certificate for that host used in the crt-list of a frontend |  | Optional: \{\} <br /> |
+| `redispatch` _boolean_ | Redispatch enable or disable session redistribution in case of connection failure |  | Optional: \{\} <br /> |
+| `hashType` _[HashType](#hashtype)_ | HashType specifies a method to use for mapping hashes to servers |  | Optional: \{\} <br /> |
+| `cookie` _[Cookie](#cookie)_ | Cookie enables cookie-based persistence in a backend. |  | Optional: \{\} <br /> |
+| `httpchk` _[HTTPChk](#httpchk)_ | HTTPChk Enables HTTP protocol to check on the servers health |  | Optional: \{\} <br /> |
+| `tcpCheck` _boolean_ | TCPCheck Perform health checks using tcp-check send/expect sequences |  | Optional: \{\} <br /> |
 
 
 #### BackendSwitchingRule
@@ -123,8 +123,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
 | `backend` _[BackendReference](#backendreference)_ | Backend reference used to resolve the backend name. |  |  |
 
 
@@ -161,16 +161,16 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `mode` _string_ | Mode can be either 'tcp' or 'http'. In TCP mode it is a layer 4 proxy. In HTTP mode it is a layer 7 proxy. | http | Enum: [http tcp] <br /> |
-| `httpResponse` _[HTTPResponseRules](#httpresponserules)_ | HTTPResponse rules define a set of rules which apply to layer 7 processing. |  |  |
-| `httpRequest` _[HTTPRequestRules](#httprequestrules)_ | HTTPRequest rules define a set of rules which apply to layer 7 processing. |  |  |
-| `tcpRequest` _[TCPRequestRule](#tcprequestrule) array_ | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. |  |  |
-| `acl` _[ACL](#acl) array_ | ACL (Access Control Lists) provides a flexible solution to perform<br />content switching and generally to take decisions based on content extracted<br />from the request, the response or any environmental status |  |  |
-| `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |  |  |
-| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  |  |
-| `forwardFor` _[Forwardfor](#forwardfor)_ | Forwardfor enable insertion of the X-Forwarded-For header to requests sent to servers |  |  |
-| `httpPretendKeepalive` _boolean_ | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. |  |  |
-| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  |  |
-| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  |  |
+| `httpResponse` _[HTTPResponseRules](#httpresponserules)_ | HTTPResponse rules define a set of rules which apply to layer 7 processing. |  | Optional: \{\} <br /> |
+| `httpRequest` _[HTTPRequestRules](#httprequestrules)_ | HTTPRequest rules define a set of rules which apply to layer 7 processing. |  | Optional: \{\} <br /> |
+| `tcpRequest` _[TCPRequestRule](#tcprequestrule) array_ | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. |  | Optional: \{\} <br /> |
+| `acl` _[ACL](#acl) array_ | ACL (Access Control Lists) provides a flexible solution to perform<br />content switching and generally to take decisions based on content extracted<br />from the request, the response or any environmental status |  | Optional: \{\} <br /> |
+| `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |  | Optional: \{\} <br /> |
+| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  | Optional: \{\} <br /> |
+| `forwardFor` _[Forwardfor](#forwardfor)_ | Forwardfor enable insertion of the X-Forwarded-For header to requests sent to servers |  | Optional: \{\} <br /> |
+| `httpPretendKeepalive` _boolean_ | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. |  | Optional: \{\} <br /> |
+| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  | Optional: \{\} <br /> |
+| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  | Optional: \{\} <br /> |
 
 
 #### Bind
@@ -188,13 +188,13 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `name` _string_ | Name for these sockets, which will be reported on the stats page. |  |  |
-| `address` _string_ | Address can be a host name, an IPv4 address, an IPv6 address, or '*' (is equal to the special address "0.0.0.0"). |  | Pattern: `^[^\s]+$` <br /> |
+| `address` _string_ | Address can be a host name, an IPv4 address, an IPv6 address, or '*' (is equal to the special address "0.0.0.0"). |  | Pattern: `^[^\s]+$` <br />Optional: \{\} <br /> |
 | `port` _integer_ | Port |  | Maximum: 65535 <br />Minimum: 1 <br /> |
-| `portRangeEnd` _integer_ | PortRangeEnd if set it must be greater than Port |  | Maximum: 65535 <br />Minimum: 1 <br /> |
-| `transparent` _boolean_ | Transparent is an optional keyword which is supported only on certain Linux kernels. It<br />indicates that the addresses will be bound even if they do not belong to the<br />local machine, and that packets targeting any of these addresses will be<br />intercepted just as if the addresses were locally configured. This normally<br />requires that IP forwarding is enabled. Caution! do not use this with the<br />default address '*', as it would redirect any traffic for the specified port. |  |  |
-| `ssl` _[SSL](#ssl)_ | SSL configures OpenSSL |  |  |
-| `hidden` _boolean_ | Hidden hides the bind and prevent exposing the Bind in services or routes |  |  |
-| `acceptProxy` _boolean_ | AcceptProxy enforces the use of the PROXY protocol over any connection accepted by any of<br />the sockets declared on the same line. |  |  |
+| `portRangeEnd` _integer_ | PortRangeEnd if set it must be greater than Port |  | Maximum: 65535 <br />Minimum: 1 <br />Optional: \{\} <br /> |
+| `transparent` _boolean_ | Transparent is an optional keyword which is supported only on certain Linux kernels. It<br />indicates that the addresses will be bound even if they do not belong to the<br />local machine, and that packets targeting any of these addresses will be<br />intercepted just as if the addresses were locally configured. This normally<br />requires that IP forwarding is enabled. Caution! do not use this with the<br />default address '*', as it would redirect any traffic for the specified port. |  | Optional: \{\} <br /> |
+| `ssl` _[SSL](#ssl)_ | SSL configures OpenSSL |  | Optional: \{\} <br /> |
+| `hidden` _boolean_ | Hidden hides the bind and prevent exposing the Bind in services or routes |  | Optional: \{\} <br /> |
+| `acceptProxy` _boolean_ | AcceptProxy enforces the use of the PROXY protocol over any connection accepted by any of<br />the sockets declared on the same line. |  | Optional: \{\} <br /> |
 
 
 #### CertificateListElement
@@ -213,9 +213,9 @@ _Appears in:_
 | --- | --- | --- | --- |
 | `certificate` _[SSLCertificate](#sslcertificate)_ | Certificate that will be presented to clients who provide a valid<br />TLSServerNameIndication field matching the SNIFilter. |  |  |
 | `sniFilter` _string_ | SNIFilter specifies the filter for the SSL Certificate.  Wildcards are supported in the SNIFilter. Negative filter are also supported. |  |  |
-| `alpn` _string array_ | Alpn enables the TLS ALPN extension and advertises the specified protocol<br />list as supported on top of ALPN. |  |  |
-| `ocsp` _boolean_ | Ocsp Enable OCSP stapling for a specific certificate |  |  |
-| `ocsp_file` _[OcspFile](#ocspfile)_ | OcspFile you can save the OCSP response to a file so that HAProxy loads it during startup. |  |  |
+| `alpn` _string array_ | Alpn enables the TLS ALPN extension and advertises the specified protocol<br />list as supported on top of ALPN. |  | Optional: \{\} <br /> |
+| `ocsp` _boolean_ | Ocsp Enable OCSP stapling for a specific certificate |  | Optional: \{\} <br /> |
+| `ocsp_file` _[OcspFile](#ocspfile)_ | OcspFile you can save the OCSP response to a file so that HAProxy loads it during startup. |  | Optional: \{\} <br /> |
 
 
 #### Check
@@ -234,9 +234,9 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `enabled` _boolean_ | Enable enables health checks on a server. If not set, no health checking is performed, and the server is always<br />considered available. |  |  |
-| `inter` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Inter sets the interval between two consecutive health checks. If left unspecified, the delay defaults to 2000 ms. |  |  |
-| `rise` _integer_ | Rise specifies the number of consecutive successful health checks after a server will be considered as operational.<br />This value defaults to 2 if unspecified. |  |  |
-| `fall` _integer_ | Fall specifies the number of consecutive unsuccessful health checks after a server will be considered as dead.<br />This value defaults to 3 if unspecified. |  |  |
+| `inter` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Inter sets the interval between two consecutive health checks. If left unspecified, the delay defaults to 2000 ms. |  | Optional: \{\} <br /> |
+| `rise` _integer_ | Rise specifies the number of consecutive successful health checks after a server will be considered as operational.<br />This value defaults to 2 if unspecified. |  | Optional: \{\} <br /> |
+| `fall` _integer_ | Fall specifies the number of consecutive unsuccessful health checks after a server will be considered as dead.<br />This value defaults to 3 if unspecified. |  | Optional: \{\} <br /> |
 
 
 #### Cookie
@@ -254,18 +254,18 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `name` _string_ | Name of the cookie which will be monitored, modified or inserted in order to bring persistence. |  |  |
-| `mode` _[CookieMode](#cookiemode)_ | Mode could be 'rewrite', 'insert', 'prefix'. Select one. |  |  |
-| `indirect` _boolean_ | Indirect no cookie will be emitted to a client which already has a valid one<br />for the server which has processed the request. |  |  |
-| `noCache` _boolean_ | NoCache recommended in conjunction with the insert mode when there is a cache<br />between the client and HAProx |  |  |
-| `postOnly` _boolean_ | PostOnly ensures that cookie insertion will only be performed on responses to POST requests. |  |  |
-| `preserve` _boolean_ | Preserve only be used with "insert" and/or "indirect". It allows the server<br />to emit the persistence cookie itself. |  |  |
-| `httpOnly` _boolean_ | HTTPOnly add an "HttpOnly" cookie attribute when a cookie is inserted.<br />It doesn't share the cookie with non-HTTP components. |  |  |
-| `secure` _boolean_ | Secure add a "Secure" cookie attribute when a cookie is inserted. The user agent<br />never emits this cookie over non-secure channels. The cookie will be presented<br />only over SSL/TLS connections. |  |  |
-| `dynamic` _boolean_ | Dynamic activates dynamic cookies, when used, a session cookie is dynamically created for each server,<br />based on the IP and port of the server, and a secret key. |  |  |
-| `domain` _string array_ | Domain specify the domain at which a cookie is inserted. You can specify<br />several domain names by invoking this option multiple times. |  |  |
-| `maxIdle` _integer_ | MaxIdle cookies are ignored after some idle time. |  |  |
-| `maxLife` _integer_ | MaxLife cookies are ignored after some life time. |  |  |
-| `attribute` _string array_ | Attribute add an extra attribute when a cookie is inserted. |  |  |
+| `mode` _[CookieMode](#cookiemode)_ | Mode could be 'rewrite', 'insert', 'prefix'. Select one. |  | Optional: \{\} <br /> |
+| `indirect` _boolean_ | Indirect no cookie will be emitted to a client which already has a valid one<br />for the server which has processed the request. |  | Optional: \{\} <br /> |
+| `noCache` _boolean_ | NoCache recommended in conjunction with the insert mode when there is a cache<br />between the client and HAProx |  | Optional: \{\} <br /> |
+| `postOnly` _boolean_ | PostOnly ensures that cookie insertion will only be performed on responses to POST requests. |  | Optional: \{\} <br /> |
+| `preserve` _boolean_ | Preserve only be used with "insert" and/or "indirect". It allows the server<br />to emit the persistence cookie itself. |  | Optional: \{\} <br /> |
+| `httpOnly` _boolean_ | HTTPOnly add an "HttpOnly" cookie attribute when a cookie is inserted.<br />It doesn't share the cookie with non-HTTP components. |  | Optional: \{\} <br /> |
+| `secure` _boolean_ | Secure add a "Secure" cookie attribute when a cookie is inserted. The user agent<br />never emits this cookie over non-secure channels. The cookie will be presented<br />only over SSL/TLS connections. |  | Optional: \{\} <br /> |
+| `dynamic` _boolean_ | Dynamic activates dynamic cookies, when used, a session cookie is dynamically created for each server,<br />based on the IP and port of the server, and a secret key. |  | Optional: \{\} <br /> |
+| `domain` _string array_ | Domain specify the domain at which a cookie is inserted. You can specify<br />several domain names by invoking this option multiple times. |  | Optional: \{\} <br /> |
+| `maxIdle` _integer_ | MaxIdle cookies are ignored after some idle time. |  | Optional: \{\} <br /> |
+| `maxLife` _integer_ | MaxLife cookies are ignored after some life time. |  | Optional: \{\} <br /> |
+| `attribute` _string array_ | Attribute add an extra attribute when a cookie is inserted. |  | Optional: \{\} <br /> |
 
 
 #### CookieMode
@@ -299,10 +299,10 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
 | `enabled` _boolean_ | Enabled enables deny http request |  |  |
-| `denyStatus` _integer_ | DenyStatus is the HTTP status code. |  | Maximum: 599 <br />Minimum: 200 <br /> |
+| `denyStatus` _integer_ | DenyStatus is the HTTP status code. |  | Maximum: 599 <br />Minimum: 200 <br />Optional: \{\} <br /> |
 
 
 #### ErrorFile
@@ -339,7 +339,7 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `configMapKeyRef` _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#configmapkeyselector-v1-core)_ | ConfigMapKeyRef selects a key of a ConfigMap. |  |  |
+| `configMapKeyRef` _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#configmapkeyselector-v1-core)_ | ConfigMapKeyRef selects a key of a ConfigMap. |  | Optional: \{\} <br /> |
 
 
 #### Forwardfor
@@ -396,18 +396,18 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `mode` _string_ | Mode can be either 'tcp' or 'http'. In TCP mode it is a layer 4 proxy. In HTTP mode it is a layer 7 proxy. | http | Enum: [http tcp] <br /> |
-| `httpResponse` _[HTTPResponseRules](#httpresponserules)_ | HTTPResponse rules define a set of rules which apply to layer 7 processing. |  |  |
-| `httpRequest` _[HTTPRequestRules](#httprequestrules)_ | HTTPRequest rules define a set of rules which apply to layer 7 processing. |  |  |
-| `tcpRequest` _[TCPRequestRule](#tcprequestrule) array_ | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. |  |  |
-| `acl` _[ACL](#acl) array_ | ACL (Access Control Lists) provides a flexible solution to perform<br />content switching and generally to take decisions based on content extracted<br />from the request, the response or any environmental status |  |  |
-| `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |  |  |
-| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  |  |
-| `forwardFor` _[Forwardfor](#forwardfor)_ | Forwardfor enable insertion of the X-Forwarded-For header to requests sent to servers |  |  |
-| `httpPretendKeepalive` _boolean_ | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. |  |  |
-| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  |  |
-| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  |  |
+| `httpResponse` _[HTTPResponseRules](#httpresponserules)_ | HTTPResponse rules define a set of rules which apply to layer 7 processing. |  | Optional: \{\} <br /> |
+| `httpRequest` _[HTTPRequestRules](#httprequestrules)_ | HTTPRequest rules define a set of rules which apply to layer 7 processing. |  | Optional: \{\} <br /> |
+| `tcpRequest` _[TCPRequestRule](#tcprequestrule) array_ | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. |  | Optional: \{\} <br /> |
+| `acl` _[ACL](#acl) array_ | ACL (Access Control Lists) provides a flexible solution to perform<br />content switching and generally to take decisions based on content extracted<br />from the request, the response or any environmental status |  | Optional: \{\} <br /> |
+| `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |  | Optional: \{\} <br /> |
+| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  | Optional: \{\} <br /> |
+| `forwardFor` _[Forwardfor](#forwardfor)_ | Forwardfor enable insertion of the X-Forwarded-For header to requests sent to servers |  | Optional: \{\} <br /> |
+| `httpPretendKeepalive` _boolean_ | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. |  | Optional: \{\} <br /> |
+| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  | Optional: \{\} <br /> |
+| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  | Optional: \{\} <br /> |
 | `binds` _[Bind](#bind) array_ | Binds defines the frontend listening addresses, ports and its configuration. |  | MinItems: 1 <br /> |
-| `backendSwitching` _[BackendSwitchingRule](#backendswitchingrule) array_ | BackendSwitching rules specify the specific backend used if/unless an ACL-based condition is matched. |  |  |
+| `backendSwitching` _[BackendSwitchingRule](#backendswitchingrule) array_ | BackendSwitching rules specify the specific backend used if/unless an ACL-based condition is matched. |  | Optional: \{\} <br /> |
 | `defaultBackend` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core)_ | DefaultBackend to use when no 'use_backend' rule has been matched. |  |  |
 
 
@@ -426,7 +426,7 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `uri` _string_ | URI |  |  |
-| `method` _string_ | Method http method<br />Enum: [HEAD PUT POST GET TRACE PATCH DELETE CONNECT OPTIONS] |  | Enum: [HEAD PUT POST GET TRACE PATCH DELETE CONNECT OPTIONS] <br /> |
+| `method` _string_ | Method http method<br />Enum: [HEAD PUT POST GET TRACE PATCH DELETE CONNECT OPTIONS] |  | Enum: [HEAD PUT POST GET TRACE PATCH DELETE CONNECT OPTIONS] <br />Optional: \{\} <br /> |
 
 
 #### HTTPDeleteHeaderRule
@@ -442,10 +442,10 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
 | `name` _string_ | Name specifies the header name |  |  |
-| `method` _string_ | Method is the matching applied on the header name |  | Enum: [str beg end sub reg] <br /> |
+| `method` _string_ | Method is the matching applied on the header name |  | Enum: [str beg end sub reg] <br />Optional: \{\} <br /> |
 
 
 #### HTTPHeaderRule
@@ -462,8 +462,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
 | `name` _string_ | Name specifies the header name |  |  |
 | `value` _[HTTPHeaderValue](#httpheadervalue)_ | Value specifies the header value |  |  |
 
@@ -499,8 +499,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
 | `format` _string_ | Value specifies the path value |  |  |
 
 
@@ -526,9 +526,9 @@ _Appears in:_
 | `setPath` _[HTTPPathRule](#httppathrule) array_ | SetPath sets request path |  |  |
 | `addHeader` _[HTTPHeaderRule](#httpheaderrule) array_ | AddHeader appends HTTP header fields |  |  |
 | `delHeader` _[HTTPDeleteHeaderRule](#httpdeleteheaderrule) array_ | DelHeader removes all HTTP header fields |  |  |
-| `redirect` _[Redirect](#redirect) array_ | Redirect performs an HTTP redirection based on a redirect rule. |  |  |
-| `replacePath` _[ReplacePath](#replacepath) array_ | ReplacePath matches the value of the path using a regex and completely replaces it with the specified format.<br />The replacement does not modify the scheme, the authority and the query-string. |  |  |
-| `deny` _[Deny](#deny) array_ | Deny stops the evaluation of the rules and immediately rejects the request and emits an HTTP 403 error.<br />Optionally the status code specified as an argument to deny_status. |  |  |
+| `redirect` _[Redirect](#redirect) array_ | Redirect performs an HTTP redirection based on a redirect rule. |  | Optional: \{\} <br /> |
+| `replacePath` _[ReplacePath](#replacepath) array_ | ReplacePath matches the value of the path using a regex and completely replaces it with the specified format.<br />The replacement does not modify the scheme, the authority and the query-string. |  | Optional: \{\} <br /> |
+| `deny` _[Deny](#deny) array_ | Deny stops the evaluation of the rules and immediately rejects the request and emits an HTTP 403 error.<br />Optionally the status code specified as an argument to deny_status. |  | Optional: \{\} <br /> |
 | `return` _[HTTPReturn](#httpreturn)_ | Return stops the evaluation of the rules and immediately returns a response. |  |  |
 
 
@@ -599,9 +599,9 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `method` _string_ |  |  | Enum: [map-based consistent] <br /> |
-| `function` _string_ |  |  | Enum: [sdbm djb2 wt6 crc32] <br /> |
-| `modifier` _string_ |  |  | Enum: [avalanche] <br /> |
+| `method` _string_ |  |  | Enum: [map-based consistent] <br />Optional: \{\} <br /> |
+| `function` _string_ |  |  | Enum: [sdbm djb2 wt6 crc32] <br />Optional: \{\} <br /> |
+| `modifier` _string_ |  |  | Enum: [avalanche] <br />Optional: \{\} <br /> |
 
 
 #### Hold
@@ -657,27 +657,27 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `mode` _string_ | Mode can be either 'tcp' or 'http'. In TCP mode it is a layer 4 proxy. In HTTP mode it is a layer 7 proxy. | http | Enum: [http tcp] <br /> |
-| `httpResponse` _[HTTPResponseRules](#httpresponserules)_ | HTTPResponse rules define a set of rules which apply to layer 7 processing. |  |  |
-| `httpRequest` _[HTTPRequestRules](#httprequestrules)_ | HTTPRequest rules define a set of rules which apply to layer 7 processing. |  |  |
-| `tcpRequest` _[TCPRequestRule](#tcprequestrule) array_ | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. |  |  |
-| `acl` _[ACL](#acl) array_ | ACL (Access Control Lists) provides a flexible solution to perform<br />content switching and generally to take decisions based on content extracted<br />from the request, the response or any environmental status |  |  |
-| `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |  |  |
-| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  |  |
-| `forwardFor` _[Forwardfor](#forwardfor)_ | Forwardfor enable insertion of the X-Forwarded-For header to requests sent to servers |  |  |
-| `httpPretendKeepalive` _boolean_ | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. |  |  |
-| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  |  |
-| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  |  |
+| `httpResponse` _[HTTPResponseRules](#httpresponserules)_ | HTTPResponse rules define a set of rules which apply to layer 7 processing. |  | Optional: \{\} <br /> |
+| `httpRequest` _[HTTPRequestRules](#httprequestrules)_ | HTTPRequest rules define a set of rules which apply to layer 7 processing. |  | Optional: \{\} <br /> |
+| `tcpRequest` _[TCPRequestRule](#tcprequestrule) array_ | TCPRequest rules perform an action on an incoming connection depending on a layer 4 condition. |  | Optional: \{\} <br /> |
+| `acl` _[ACL](#acl) array_ | ACL (Access Control Lists) provides a flexible solution to perform<br />content switching and generally to take decisions based on content extracted<br />from the request, the response or any environmental status |  | Optional: \{\} <br /> |
+| `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, connect, http-keep-alive, http-request, queue, server, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html |  | Optional: \{\} <br /> |
+| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  | Optional: \{\} <br /> |
+| `forwardFor` _[Forwardfor](#forwardfor)_ | Forwardfor enable insertion of the X-Forwarded-For header to requests sent to servers |  | Optional: \{\} <br /> |
+| `httpPretendKeepalive` _boolean_ | HTTPPretendKeepalive will keep the connection alive. It is recommended not to enable this option by default. |  | Optional: \{\} <br /> |
+| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  | Optional: \{\} <br /> |
+| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  | Optional: \{\} <br /> |
 | `binds` _[Bind](#bind) array_ | Binds defines the frontend listening addresses, ports and its configuration. |  | MinItems: 1 <br /> |
-| `servers` _[Server](#server) array_ | Servers defines the backend servers and its configuration. |  |  |
-| `serverTemplates` _[ServerTemplate](#servertemplate) array_ | ServerTemplates defines the backend server templates and its configuration. |  |  |
-| `checkTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | CheckTimeout sets an additional check timeout, but only after a connection has been already<br />established. |  |  |
-| `balance` _[Balance](#balance)_ | Balance defines the load balancing algorithm to be used in a backend. |  |  |
-| `redispatch` _boolean_ | Redispatch enable or disable session redistribution in case of connection failure |  |  |
-| `hashType` _[HashType](#hashtype)_ | HashType Specify a method to use for mapping hashes to servers |  |  |
-| `cookie` _[Cookie](#cookie)_ | Cookie enables cookie-based persistence in a backend. |  |  |
-| `hostCertificate` _[CertificateListElement](#certificatelistelement)_ | HostCertificate specifies a certificate for that host used in the crt-list of a frontend |  |  |
-| `httpCheck` _[HTTPChk](#httpchk)_ | HTTPCheck Enables HTTP protocol to check on the servers health |  |  |
-| `tcpCheck` _boolean_ | TCPCheck Perform health checks using tcp-check send/expect sequences |  |  |
+| `servers` _[Server](#server) array_ | Servers defines the backend servers and its configuration. |  | Optional: \{\} <br /> |
+| `serverTemplates` _[ServerTemplate](#servertemplate) array_ | ServerTemplates defines the backend server templates and its configuration. |  | Optional: \{\} <br /> |
+| `checkTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | CheckTimeout sets an additional check timeout, but only after a connection has been already<br />established. |  | Optional: \{\} <br /> |
+| `balance` _[Balance](#balance)_ | Balance defines the load balancing algorithm to be used in a backend. |  | Optional: \{\} <br /> |
+| `redispatch` _boolean_ | Redispatch enable or disable session redistribution in case of connection failure |  | Optional: \{\} <br /> |
+| `hashType` _[HashType](#hashtype)_ | HashType Specify a method to use for mapping hashes to servers |  | Optional: \{\} <br /> |
+| `cookie` _[Cookie](#cookie)_ | Cookie enables cookie-based persistence in a backend. |  | Optional: \{\} <br /> |
+| `hostCertificate` _[CertificateListElement](#certificatelistelement)_ | HostCertificate specifies a certificate for that host used in the crt-list of a frontend |  | Optional: \{\} <br /> |
+| `httpCheck` _[HTTPChk](#httpchk)_ | HTTPCheck Enables HTTP protocol to check on the servers health |  | Optional: \{\} <br /> |
+| `tcpCheck` _boolean_ | TCPCheck Perform health checks using tcp-check send/expect sequences |  | Optional: \{\} <br /> |
 
 
 #### Nameserver
@@ -732,10 +732,10 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `v1` _boolean_ | V1 parameter enforces use of the PROXY protocol version 1. |  |  |
-| `v2` _[ProxyProtocolV2](#proxyprotocolv2)_ | V2 parameter enforces use of the PROXY protocol version 2. |  |  |
-| `v2SSL` _boolean_ | V2SSL parameter add the SSL information extension of the PROXY protocol to the PROXY protocol header. |  |  |
-| `v2SSLCN` _boolean_ | V2SSLCN parameter add the SSL information extension of the PROXY protocol to the PROXY protocol header and he SSL information extension<br />along with the Common Name from the subject of the client certificate (if any), is added to the PROXY protocol header. |  |  |
+| `v1` _boolean_ | V1 parameter enforces use of the PROXY protocol version 1. |  | Optional: \{\} <br /> |
+| `v2` _[ProxyProtocolV2](#proxyprotocolv2)_ | V2 parameter enforces use of the PROXY protocol version 2. |  | Optional: \{\} <br /> |
+| `v2SSL` _boolean_ | V2SSL parameter add the SSL information extension of the PROXY protocol to the PROXY protocol header. |  | Optional: \{\} <br /> |
+| `v2SSLCN` _boolean_ | V2SSLCN parameter add the SSL information extension of the PROXY protocol to the PROXY protocol header and he SSL information extension<br />along with the Common Name from the subject of the client certificate (if any), is added to the PROXY protocol header. |  | Optional: \{\} <br /> |
 
 
 #### ProxyProtocolV2
@@ -751,8 +751,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `enabled` _boolean_ | Enabled enables the PROXY protocol version 2. |  |  |
-| `options` _[ProxyProtocolV2Options](#proxyprotocolv2options)_ | Options is a list of options to add to the PROXY protocol header. |  |  |
+| `enabled` _boolean_ | Enabled enables the PROXY protocol version 2. |  | Optional: \{\} <br /> |
+| `options` _[ProxyProtocolV2Options](#proxyprotocolv2options)_ | Options is a list of options to add to the PROXY protocol header. |  | Optional: \{\} <br /> |
 
 
 #### ProxyProtocolV2Options
@@ -768,14 +768,14 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `ssl` _boolean_ | Ssl is equivalent to use V2SSL. |  |  |
-| `certCn` _boolean_ | CertCn is equivalent to use V2SSLCN. |  |  |
-| `sslCipher` _boolean_ | SslCipher is the name of the used cipher. |  |  |
-| `certSig` _boolean_ | CertSig is the signature algorithm of the used certificate. |  |  |
-| `certKey` _boolean_ | CertKey is the key algorithm of the used certificate. |  |  |
-| `authority` _boolean_ | Authority is the host name value passed by the client (only SNI from a TLS) |  |  |
-| `crc32C` _boolean_ | Crc32c is the checksum of the PROXYv2 header. |  |  |
-| `uniqueID` _boolean_ | UniqueId sends a unique ID generated using the frontend's "unique-id-format" within the PROXYv2 header.<br />This unique-id is primarily meant for "mode tcp". It can lead to unexpected results in "mode http". |  |  |
+| `ssl` _boolean_ | Ssl is equivalent to use V2SSL. |  | Optional: \{\} <br /> |
+| `certCn` _boolean_ | CertCn is equivalent to use V2SSLCN. |  | Optional: \{\} <br /> |
+| `sslCipher` _boolean_ | SslCipher is the name of the used cipher. |  | Optional: \{\} <br /> |
+| `certSig` _boolean_ | CertSig is the signature algorithm of the used certificate. |  | Optional: \{\} <br /> |
+| `certKey` _boolean_ | CertKey is the key algorithm of the used certificate. |  | Optional: \{\} <br /> |
+| `authority` _boolean_ | Authority is the host name value passed by the client (only SNI from a TLS) |  | Optional: \{\} <br /> |
+| `crc32C` _boolean_ | Crc32c is the checksum of the PROXYv2 header. |  | Optional: \{\} <br /> |
+| `uniqueID` _boolean_ | UniqueId sends a unique ID generated using the frontend's "unique-id-format" within the PROXYv2 header.<br />This unique-id is primarily meant for "mode tcp". It can lead to unexpected results in "mode http". |  | Optional: \{\} <br /> |
 
 
 #### Redirect
@@ -791,12 +791,12 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
-| `code` _integer_ | Code indicates which type of HTTP redirection is desired. |  | Enum: [301 302 303 307 308] <br /> |
-| `type` _[RedirectType](#redirecttype)_ | Type selects a mode and value to redirect |  |  |
-| `value` _string_ | Value to redirect |  |  |
-| `option` _[RedirectOption](#redirectoption)_ | Value to redirect |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
+| `code` _integer_ | Code indicates which type of HTTP redirection is desired. |  | Enum: [301 302 303 307 308] <br />Optional: \{\} <br /> |
+| `type` _[RedirectType](#redirecttype)_ | Type selects a mode and value to redirect |  | Optional: \{\} <br /> |
+| `value` _string_ | Value to redirect |  | Optional: \{\} <br /> |
+| `option` _[RedirectOption](#redirectoption)_ | Value to redirect |  | Optional: \{\} <br /> |
 
 
 #### RedirectCookie
@@ -812,8 +812,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `name` _string_ | Name |  |  |
-| `value` _string_ | Value |  |  |
+| `name` _string_ | Name |  | Optional: \{\} <br /> |
+| `value` _string_ | Value |  | Optional: \{\} <br /> |
 
 
 #### RedirectOption
@@ -829,10 +829,10 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `dropQuery` _boolean_ | DropQuery removes the query string from the original URL when performing the concatenation. |  |  |
-| `appendSlash` _boolean_ | AppendSlash adds a / character at the end of the URL. |  |  |
-| `SetCookie` _[RedirectCookie](#redirectcookie)_ | SetCookie adds header to the redirection. It will be added with NAME (and optionally "=value") |  |  |
-| `ClearCookie` _[RedirectCookie](#redirectcookie)_ | ClearCookie is to instruct the browser to delete the cookie. It will be added with NAME (and optionally "=").<br />To add "=" type any string in the value field |  |  |
+| `dropQuery` _boolean_ | DropQuery removes the query string from the original URL when performing the concatenation. |  | Optional: \{\} <br /> |
+| `appendSlash` _boolean_ | AppendSlash adds a / character at the end of the URL. |  | Optional: \{\} <br /> |
+| `SetCookie` _[RedirectCookie](#redirectcookie)_ | SetCookie adds header to the redirection. It will be added with NAME (and optionally "=value") |  | Optional: \{\} <br /> |
+| `ClearCookie` _[RedirectCookie](#redirectcookie)_ | ClearCookie is to instruct the browser to delete the cookie. It will be added with NAME (and optionally "=").<br />To add "=" type any string in the value field |  | Optional: \{\} <br /> |
 
 
 #### RedirectType
@@ -848,9 +848,9 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `location` _boolean_ | Location replaces the entire location of a URL. |  |  |
-| `insert` _boolean_ | Prefix adds a prefix to the URL's location. |  |  |
-| `prefix` _boolean_ | Scheme redirects to a different scheme. |  |  |
+| `location` _boolean_ | Location replaces the entire location of a URL. |  | Optional: \{\} <br /> |
+| `insert` _boolean_ | Prefix adds a prefix to the URL's location. |  | Optional: \{\} <br /> |
+| `prefix` _boolean_ | Scheme redirects to a different scheme. |  | Optional: \{\} <br /> |
 
 
 #### RegexBackendMapping
@@ -884,8 +884,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
 | `matchRegex` _string_ | MatchRegex is a string pattern used to identify the paths that need to be replaced. |  |  |
 | `replaceFmt` _string_ | ReplaceFmt defines the format string used to replace the values that match the pattern. |  |  |
 
@@ -922,11 +922,11 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `nameservers` _[Nameserver](#nameserver) array_ | Nameservers used to configure a nameservers. |  |  |
-| `acceptedPayloadSize` _integer_ | AcceptedPayloadSize defines the maximum payload size accepted by HAProxy and announced to all the  name servers<br />configured in this resolver. |  | Maximum: 8192 <br />Minimum: 512 <br /> |
-| `parseResolvConf` _boolean_ | ParseResolvConf if true, adds all nameservers found in /etc/resolv.conf to this resolvers nameservers list. |  |  |
-| `resolveRetries` _integer_ | ResolveRetries defines the number <nb> of queries to send to resolve a server name before giving up. Default value: 3 |  | Minimum: 1 <br /> |
-| `hold` _[Hold](#hold)_ | Hold defines the period during which the last name resolution should be kept based on the last resolution status. |  |  |
-| `timeouts` _[Timeouts](#timeouts)_ | Timeouts defines timeouts related to name resolution. |  |  |
+| `acceptedPayloadSize` _integer_ | AcceptedPayloadSize defines the maximum payload size accepted by HAProxy and announced to all the  name servers<br />configured in this resolver. |  | Maximum: 8192 <br />Minimum: 512 <br />Optional: \{\} <br /> |
+| `parseResolvConf` _boolean_ | ParseResolvConf if true, adds all nameservers found in /etc/resolv.conf to this resolvers nameservers list. |  | Optional: \{\} <br /> |
+| `resolveRetries` _integer_ | ResolveRetries defines the number <nb> of queries to send to resolve a server name before giving up. Default value: 3 |  | Minimum: 1 <br />Optional: \{\} <br /> |
+| `hold` _[Hold](#hold)_ | Hold defines the period during which the last name resolution should be kept based on the last resolution status. |  | Optional: \{\} <br /> |
+| `timeouts` _[Timeouts](#timeouts)_ | Timeouts defines timeouts related to name resolution. |  | Optional: \{\} <br /> |
 
 
 #### Rule
@@ -949,8 +949,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
 
 
 #### SSL
@@ -970,12 +970,12 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `enabled` _boolean_ | Enabled enables SSL deciphering on connections instantiated from this listener. A<br />certificate is necessary. All contents in the buffers will<br />appear in clear text, so that ACLs and HTTP processing will only have access<br />to deciphered contents. SSLv3 is disabled per default, set MinVersion to SSLv3<br />to enable it. |  |  |
-| `minVersion` _string_ | MinVersion enforces use of the specified version or upper on SSL connections<br />instantiated from this listener. |  | Enum: [SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3] <br /> |
-| `verify` _string_ | Verify is only available when support for OpenSSL was built in. If set<br />to 'none', client certificate is not requested. This is the default. In other<br />cases, a client certificate is requested. If the client does not provide a<br />certificate after the request and if 'Verify' is set to 'required', then the<br />handshake is aborted, while it would have succeeded if set to 'optional'. The verification<br />of the certificate provided by the client using CAs from CACertificate.<br />On verify failure the handshake abortes, regardless of the 'verify' option. |  | Enum: [none optional required] <br /> |
-| `caCertificate` _[SSLCertificate](#sslcertificate)_ | CACertificate configures the CACertificate used for the Server or Bind client certificate |  |  |
-| `certificate` _[SSLCertificate](#sslcertificate)_ | Certificate configures a PEM based Certificate file containing both the required certificates and any<br />associated private keys. |  |  |
-| `sni` _string_ | SNI parameter evaluates the sample fetch expression, converts it to a<br />string and uses the result as the host name sent in the SNI TLS extension to<br />the server. |  |  |
-| `alpn` _string array_ | Alpn enables the TLS ALPN extension and advertises the specified protocol<br />list as supported on top of ALPN. |  |  |
+| `minVersion` _string_ | MinVersion enforces use of the specified version or upper on SSL connections<br />instantiated from this listener. |  | Enum: [SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3] <br />Optional: \{\} <br /> |
+| `verify` _string_ | Verify is only available when support for OpenSSL was built in. If set<br />to 'none', client certificate is not requested. This is the default. In other<br />cases, a client certificate is requested. If the client does not provide a<br />certificate after the request and if 'Verify' is set to 'required', then the<br />handshake is aborted, while it would have succeeded if set to 'optional'. The verification<br />of the certificate provided by the client using CAs from CACertificate.<br />On verify failure the handshake abortes, regardless of the 'verify' option. |  | Enum: [none optional required] <br />Optional: \{\} <br /> |
+| `caCertificate` _[SSLCertificate](#sslcertificate)_ | CACertificate configures the CACertificate used for the Server or Bind client certificate |  | Optional: \{\} <br /> |
+| `certificate` _[SSLCertificate](#sslcertificate)_ | Certificate configures a PEM based Certificate file containing both the required certificates and any<br />associated private keys. |  | Optional: \{\} <br /> |
+| `sni` _string_ | SNI parameter evaluates the sample fetch expression, converts it to a<br />string and uses the result as the host name sent in the SNI TLS extension to<br />the server. |  | Optional: \{\} <br /> |
+| `alpn` _string array_ | Alpn enables the TLS ALPN extension and advertises the specified protocol<br />list as supported on top of ALPN. |  | Optional: \{\} <br /> |
 
 
 #### SSLCertificate
@@ -1011,9 +1011,9 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `configMapKeyRef` _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#configmapkeyselector-v1-core)_ | ConfigMapKeyRef selects a key of a ConfigMap |  |  |
-| `secretKeyRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#secretkeyselector-v1-core)_ | SecretKeyRef selects a key of a secret in the pod namespace |  |  |
-| `secretKeyExternalRef` _[SecretKeySelectorExternal](#secretkeyselectorexternal)_ | SecretKeyExternalRef selects a key of a secret in a specific namespace |  |  |
+| `configMapKeyRef` _[ConfigMapKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#configmapkeyselector-v1-core)_ | ConfigMapKeyRef selects a key of a ConfigMap |  | Optional: \{\} <br /> |
+| `secretKeyRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#secretkeyselector-v1-core)_ | SecretKeyRef selects a key of a secret in the pod namespace |  | Optional: \{\} <br /> |
+| `secretKeyExternalRef` _[SecretKeySelectorExternal](#secretkeyselectorexternal)_ | SecretKeyExternalRef selects a key of a secret in a specific namespace |  | Optional: \{\} <br /> |
 
 
 
@@ -1032,18 +1032,18 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `ssl` _[SSL](#ssl)_ | SSL configures OpenSSL |  |  |
+| `ssl` _[SSL](#ssl)_ | SSL configures OpenSSL |  | Optional: \{\} <br /> |
 | `weight` _integer_ | Weight parameter is used to adjust the server weight relative to<br />other servers. All servers will receive a load proportional to their weight<br />relative to the sum of all weights. |  | Maximum: 256 <br />Minimum: 0 <br /> |
-| `check` _[Check](#check)_ | Check configures the health checks of the server. |  |  |
-| `initAddr` _string_ | InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN.<br />Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited<br />list. The first method which succeeds is used. |  |  |
-| `resolvers` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core)_ | Resolvers points to an existing resolvers to resolve current server hostname. |  |  |
-| `sendProxy` _boolean_ | SendProxy enforces use of the PROXY protocol over any<br />connection established to this server. The PROXY protocol informs the other<br />end about the layer 3/4 addresses of the incoming connection, so that it can<br />know the client address or the public address it accessed to, whatever the<br />upper layer protocol. |  |  |
+| `check` _[Check](#check)_ | Check configures the health checks of the server. |  | Optional: \{\} <br /> |
+| `initAddr` _string_ | InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN.<br />Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited<br />list. The first method which succeeds is used. |  | Optional: \{\} <br /> |
+| `resolvers` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core)_ | Resolvers points to an existing resolvers to resolve current server hostname. |  | Optional: \{\} <br /> |
+| `sendProxy` _boolean_ | SendProxy enforces use of the PROXY protocol over any<br />connection established to this server. The PROXY protocol informs the other<br />end about the layer 3/4 addresses of the incoming connection, so that it can<br />know the client address or the public address it accessed to, whatever the<br />upper layer protocol. |  | Optional: \{\} <br /> |
 | `SendProxyV2` _[ProxyProtocol](#proxyprotocol)_ | SendProxyV2 preparing new update. |  |  |
-| `verifyHost` _string_ | VerifyHost is only available when support for OpenSSL was built in, and<br />only takes effect if pec.ssl.verify' is set to 'required'. This directive sets<br />a default static hostname to check the server certificate against when no<br />SNI was used to connect to the server. |  |  |
-| `sni` _string_ | SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL |  |  |
-| `checkSNI` _string_ | CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL |  |  |
-| `cookie` _boolean_ | Cookie sets the cookie value assigned to the server. |  |  |
-| `resolvePrefer` _string_ | When DNS resolution is enabled for a server and multiple IP addresses from different families are returned,<br />HAProxy will prefer using an IP address from the ipv4 or ipv6. |  |  |
+| `verifyHost` _string_ | VerifyHost is only available when support for OpenSSL was built in, and<br />only takes effect if pec.ssl.verify' is set to 'required'. This directive sets<br />a default static hostname to check the server certificate against when no<br />SNI was used to connect to the server. |  | Optional: \{\} <br /> |
+| `sni` _string_ | SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL |  | Optional: \{\} <br /> |
+| `checkSNI` _string_ | CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL |  | Optional: \{\} <br /> |
+| `cookie` _boolean_ | Cookie sets the cookie value assigned to the server. |  | Optional: \{\} <br /> |
+| `resolvePrefer` _string_ | When DNS resolution is enabled for a server and multiple IP addresses from different families are returned,<br />HAProxy will prefer using an IP address from the ipv4 or ipv6. |  | Optional: \{\} <br /> |
 | `name` _string_ | Name of the server. |  |  |
 | `address` _string_ | Address can be a host name, an IPv4 address, an IPv6 address. |  | Pattern: `^[^\s]+$` <br /> |
 | `port` _integer_ | Port |  | Maximum: 65535 <br />Minimum: 1 <br /> |
@@ -1063,18 +1063,18 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `ssl` _[SSL](#ssl)_ | SSL configures OpenSSL |  |  |
+| `ssl` _[SSL](#ssl)_ | SSL configures OpenSSL |  | Optional: \{\} <br /> |
 | `weight` _integer_ | Weight parameter is used to adjust the server weight relative to<br />other servers. All servers will receive a load proportional to their weight<br />relative to the sum of all weights. |  | Maximum: 256 <br />Minimum: 0 <br /> |
-| `check` _[Check](#check)_ | Check configures the health checks of the server. |  |  |
-| `initAddr` _string_ | InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN.<br />Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited<br />list. The first method which succeeds is used. |  |  |
-| `resolvers` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core)_ | Resolvers points to an existing resolvers to resolve current server hostname. |  |  |
-| `sendProxy` _boolean_ | SendProxy enforces use of the PROXY protocol over any<br />connection established to this server. The PROXY protocol informs the other<br />end about the layer 3/4 addresses of the incoming connection, so that it can<br />know the client address or the public address it accessed to, whatever the<br />upper layer protocol. |  |  |
+| `check` _[Check](#check)_ | Check configures the health checks of the server. |  | Optional: \{\} <br /> |
+| `initAddr` _string_ | InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN.<br />Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited<br />list. The first method which succeeds is used. |  | Optional: \{\} <br /> |
+| `resolvers` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core)_ | Resolvers points to an existing resolvers to resolve current server hostname. |  | Optional: \{\} <br /> |
+| `sendProxy` _boolean_ | SendProxy enforces use of the PROXY protocol over any<br />connection established to this server. The PROXY protocol informs the other<br />end about the layer 3/4 addresses of the incoming connection, so that it can<br />know the client address or the public address it accessed to, whatever the<br />upper layer protocol. |  | Optional: \{\} <br /> |
 | `SendProxyV2` _[ProxyProtocol](#proxyprotocol)_ | SendProxyV2 preparing new update. |  |  |
-| `verifyHost` _string_ | VerifyHost is only available when support for OpenSSL was built in, and<br />only takes effect if pec.ssl.verify' is set to 'required'. This directive sets<br />a default static hostname to check the server certificate against when no<br />SNI was used to connect to the server. |  |  |
-| `sni` _string_ | SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL |  |  |
-| `checkSNI` _string_ | CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL |  |  |
-| `cookie` _boolean_ | Cookie sets the cookie value assigned to the server. |  |  |
-| `resolvePrefer` _string_ | When DNS resolution is enabled for a server and multiple IP addresses from different families are returned,<br />HAProxy will prefer using an IP address from the ipv4 or ipv6. |  |  |
+| `verifyHost` _string_ | VerifyHost is only available when support for OpenSSL was built in, and<br />only takes effect if pec.ssl.verify' is set to 'required'. This directive sets<br />a default static hostname to check the server certificate against when no<br />SNI was used to connect to the server. |  | Optional: \{\} <br /> |
+| `sni` _string_ | SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL |  | Optional: \{\} <br /> |
+| `checkSNI` _string_ | CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL |  | Optional: \{\} <br /> |
+| `cookie` _boolean_ | Cookie sets the cookie value assigned to the server. |  | Optional: \{\} <br /> |
+| `resolvePrefer` _string_ | When DNS resolution is enabled for a server and multiple IP addresses from different families are returned,<br />HAProxy will prefer using an IP address from the ipv4 or ipv6. |  | Optional: \{\} <br /> |
 
 
 #### ServerTemplate
@@ -1091,20 +1091,20 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `ssl` _[SSL](#ssl)_ | SSL configures OpenSSL |  |  |
+| `ssl` _[SSL](#ssl)_ | SSL configures OpenSSL |  | Optional: \{\} <br /> |
 | `weight` _integer_ | Weight parameter is used to adjust the server weight relative to<br />other servers. All servers will receive a load proportional to their weight<br />relative to the sum of all weights. |  | Maximum: 256 <br />Minimum: 0 <br /> |
-| `check` _[Check](#check)_ | Check configures the health checks of the server. |  |  |
-| `initAddr` _string_ | InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN.<br />Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited<br />list. The first method which succeeds is used. |  |  |
-| `resolvers` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core)_ | Resolvers points to an existing resolvers to resolve current server hostname. |  |  |
-| `sendProxy` _boolean_ | SendProxy enforces use of the PROXY protocol over any<br />connection established to this server. The PROXY protocol informs the other<br />end about the layer 3/4 addresses of the incoming connection, so that it can<br />know the client address or the public address it accessed to, whatever the<br />upper layer protocol. |  |  |
+| `check` _[Check](#check)_ | Check configures the health checks of the server. |  | Optional: \{\} <br /> |
+| `initAddr` _string_ | InitAddr indicates in what order the server address should be resolved upon startup if it uses an FQDN.<br />Attempts are made to resolve the address by applying in turn each of the methods mentioned in the comma-delimited<br />list. The first method which succeeds is used. |  | Optional: \{\} <br /> |
+| `resolvers` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core)_ | Resolvers points to an existing resolvers to resolve current server hostname. |  | Optional: \{\} <br /> |
+| `sendProxy` _boolean_ | SendProxy enforces use of the PROXY protocol over any<br />connection established to this server. The PROXY protocol informs the other<br />end about the layer 3/4 addresses of the incoming connection, so that it can<br />know the client address or the public address it accessed to, whatever the<br />upper layer protocol. |  | Optional: \{\} <br /> |
 | `SendProxyV2` _[ProxyProtocol](#proxyprotocol)_ | SendProxyV2 preparing new update. |  |  |
-| `verifyHost` _string_ | VerifyHost is only available when support for OpenSSL was built in, and<br />only takes effect if pec.ssl.verify' is set to 'required'. This directive sets<br />a default static hostname to check the server certificate against when no<br />SNI was used to connect to the server. |  |  |
-| `sni` _string_ | SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL |  |  |
-| `checkSNI` _string_ | CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL |  |  |
-| `cookie` _boolean_ | Cookie sets the cookie value assigned to the server. |  |  |
-| `resolvePrefer` _string_ | When DNS resolution is enabled for a server and multiple IP addresses from different families are returned,<br />HAProxy will prefer using an IP address from the ipv4 or ipv6. |  |  |
+| `verifyHost` _string_ | VerifyHost is only available when support for OpenSSL was built in, and<br />only takes effect if pec.ssl.verify' is set to 'required'. This directive sets<br />a default static hostname to check the server certificate against when no<br />SNI was used to connect to the server. |  | Optional: \{\} <br /> |
+| `sni` _string_ | SNI This option allows you to specify the SNI to be used when connecting to the backend over SSL |  | Optional: \{\} <br /> |
+| `checkSNI` _string_ | CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL |  | Optional: \{\} <br /> |
+| `cookie` _boolean_ | Cookie sets the cookie value assigned to the server. |  | Optional: \{\} <br /> |
+| `resolvePrefer` _string_ | When DNS resolution is enabled for a server and multiple IP addresses from different families are returned,<br />HAProxy will prefer using an IP address from the ipv4 or ipv6. |  | Optional: \{\} <br /> |
 | `prefix` _string_ | Prefix for the server names to be built. |  | Pattern: `^[^\s]+$` <br /> |
-| `numMin` _integer_ | NumMin is the min number of servers as server name suffixes this template initializes. |  |  |
+| `numMin` _integer_ | NumMin is the min number of servers as server name suffixes this template initializes. |  | Optional: \{\} <br /> |
 | `num` _integer_ | Num is the max number of servers as server name suffixes this template initializes. |  |  |
 | `fqdn` _string_ | FQDN for all the servers this template initializes. |  |  |
 | `port` _integer_ | Port |  | Maximum: 65535 <br />Minimum: 1 <br /> |
@@ -1146,11 +1146,11 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br /> |
-| `condition` _string_ | Condition is a condition composed of ACLs. |  |  |
+| `conditionType` _string_ | ConditionType specifies the type of the condition matching ('if' or 'unless') |  | Enum: [if unless] <br />Optional: \{\} <br /> |
+| `condition` _string_ | Condition is a condition composed of ACLs. |  | Optional: \{\} <br /> |
 | `type` _string_ | Type specifies the type of the tcp-request rule. |  | Enum: [connection content inspect-delay session] <br /> |
-| `action` _string_ | Action defines the action to perform if the condition applies. |  | Enum: [accept capture do-resolve expect-netscaler-cip expect-proxy reject sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-dst-port set-dst set-priority set-src set-var silent-drop track-sc0 track-sc1 track-sc2 unset-var use-service lua] <br /> |
-| `timeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Timeout sets timeout for the action |  |  |
+| `action` _string_ | Action defines the action to perform if the condition applies. |  | Enum: [accept capture do-resolve expect-netscaler-cip expect-proxy reject sc-inc-gpc0 sc-inc-gpc1 sc-set-gpt0 send-spoe-group set-dst-port set-dst set-priority set-src set-var silent-drop track-sc0 track-sc1 track-sc2 unset-var use-service lua] <br />Optional: \{\} <br /> |
+| `timeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Timeout sets timeout for the action |  | Optional: \{\} <br /> |
 
 
 #### Timeouts
@@ -1166,8 +1166,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `resolve` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Resolve time to trigger name resolutions when no other time applied. Default value: 1s |  |  |
-| `retry` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Retry time between two DNS queries, when no valid response have been received. Default value: 1s |  |  |
+| `resolve` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Resolve time to trigger name resolutions when no other time applied. Default value: 1s |  | Optional: \{\} <br /> |
+| `retry` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Retry time between two DNS queries, when no valid response have been received. Default value: 1s |  | Optional: \{\} <br /> |
 
 
 
@@ -1212,10 +1212,10 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `mode` _string_ | Mode can be either 'tcp' or 'http'. In tcp mode it is a layer 4 proxy. In http mode it is a layer 7 proxy. | http | Enum: [http tcp] <br /> |
-| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  |  |
+| `errorFiles` _[ErrorFile](#errorfile) array_ | ErrorFiles custom error files to be used |  | Optional: \{\} <br /> |
 | `timeouts` _object (keys:string, values:[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta))_ | Timeouts: check, client, client-fin, connect, http-keep-alive, http-request, queue, server, server-fin, tunnel.<br />The timeout value specified in milliseconds by default, but can be in any other unit if the number is suffixed by the unit.<br />More info: https://cbonte.github.io/haproxy-dconv/2.6/configuration.html | \{ client:5s connect:5s server:10s \} |  |
-| `logging` _[DefaultsLoggingConfiguration](#defaultsloggingconfiguration)_ | Logging is used to configure default logging for all proxies. |  |  |
-| `additionalParameters` _string_ | AdditionalParameters can be used to specify any further configuration statements which are not covered in this section explicitly. |  |  |
+| `logging` _[DefaultsLoggingConfiguration](#defaultsloggingconfiguration)_ | Logging is used to configure default logging for all proxies. |  | Optional: \{\} <br /> |
+| `additionalParameters` _string_ | AdditionalParameters can be used to specify any further configuration statements which are not covered in this section explicitly. |  | Optional: \{\} <br /> |
 
 
 #### DefaultsLoggingConfiguration
@@ -1232,8 +1232,8 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `enabled` _boolean_ | Enabled will enable logs for all proxies |  |  |
-| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  |  |
-| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  |  |
+| `httpLog` _boolean_ | HTTPLog enables HTTP log format which is the most complete and the best suited for HTTP proxies. It provides<br />the same level of information as the TCP format with additional features which<br />are specific to the HTTP protocol. |  | Optional: \{\} <br /> |
+| `tcpLog` _boolean_ | TCPLog enables advanced logging of TCP connections with session state and timers. By default, the log output format<br />is very poor, as it only contains the source and destination addresses, and the instance name. |  | Optional: \{\} <br /> |
 
 
 #### GlobalConfiguration
@@ -1250,16 +1250,16 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `reload` _boolean_ | Reload enables auto-reload of the configuration using sockets. Requires an image that supports this feature. | false |  |
-| `statsTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | StatsTimeout sets the timeout on the stats socket. Default is set to 10 seconds. |  |  |
-| `logging` _[GlobalLoggingConfiguration](#globalloggingconfiguration)_ | Logging is used to enable and configure logging in the global section of the HAProxy configuration. |  |  |
-| `additionalParameters` _string_ | AdditionalParameters can be used to specify any further configuration statements which are not covered in this section explicitly. |  |  |
-| `additionalCertificates` _[SSLCertificate](#sslcertificate) array_ | AdditionalCertificates can be used to include global ssl certificates which can bes used in any listen |  |  |
-| `maxconn` _integer_ | Maxconn sets the maximum per-process number of concurrent connections. Proxies will stop accepting connections when this limit is reached. |  |  |
-| `nbthread` _integer_ | Nbthread this setting is only available when support for threads was built in. It makes HAProxy run on specified number of threads. |  |  |
-| `tune` _[GlobalTuneOptions](#globaltuneoptions)_ | TuneOptions sets the global tune options. |  |  |
-| `ssl` _[GlobalSSL](#globalssl)_ | GlobalSSL sets the global SSL options. |  |  |
-| `hardStopAfter` _[Duration](#duration)_ | HardStopAfter is the maximum time the instance will remain alive when a soft-stop is received. |  |  |
-| `ocsp` _[GlobalOCSPConfiguration](#globalocspconfiguration)_ | Ocsp is used to enable stapling at the global level for all certificates in the configuration. |  |  |
+| `statsTimeout` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | StatsTimeout sets the timeout on the stats socket. Default is set to 10 seconds. |  | Optional: \{\} <br /> |
+| `logging` _[GlobalLoggingConfiguration](#globalloggingconfiguration)_ | Logging is used to enable and configure logging in the global section of the HAProxy configuration. |  | Optional: \{\} <br /> |
+| `additionalParameters` _string_ | AdditionalParameters can be used to specify any further configuration statements which are not covered in this section explicitly. |  | Optional: \{\} <br /> |
+| `additionalCertificates` _[SSLCertificate](#sslcertificate) array_ | AdditionalCertificates can be used to include global ssl certificates which can bes used in any listen |  | Optional: \{\} <br /> |
+| `maxconn` _integer_ | Maxconn sets the maximum per-process number of concurrent connections. Proxies will stop accepting connections when this limit is reached. |  | Optional: \{\} <br /> |
+| `nbthread` _integer_ | Nbthread this setting is only available when support for threads was built in. It makes HAProxy run on specified number of threads. |  | Optional: \{\} <br /> |
+| `tune` _[GlobalTuneOptions](#globaltuneoptions)_ | TuneOptions sets the global tune options. |  | Optional: \{\} <br /> |
+| `ssl` _[GlobalSSL](#globalssl)_ | GlobalSSL sets the global SSL options. |  | Optional: \{\} <br /> |
+| `hardStopAfter` _[Duration](#duration)_ | HardStopAfter is the maximum time the instance will remain alive when a soft-stop is received. |  | Optional: \{\} <br /> |
+| `ocsp` _[GlobalOCSPConfiguration](#globalocspconfiguration)_ | Ocsp is used to enable stapling at the global level for all certificates in the configuration. |  | Optional: \{\} <br /> |
 
 
 #### GlobalLoggingConfiguration
@@ -1278,10 +1278,10 @@ _Appears in:_
 | `enabled` _boolean_ | Enabled will toggle the creation of a global syslog server. |  |  |
 | `address` _string_ | Address can be a filesystem path to a UNIX domain socket or a remote syslog target (IPv4/IPv6 address optionally followed by a colon and a UDP port). | /var/lib/rsyslog/rsyslog.sock | Pattern: `^[^\s]+$` <br /> |
 | `facility` _string_ | Facility must be one of the 24 standard syslog facilities. | local0 | Enum: [kern user mail daemon auth syslog lpr news uucp cron auth2 ftp ntp audit alert cron2 local0 local1 local2 local3 local4 local5 local6 local7] <br /> |
-| `level` _string_ | Level can be specified to filter outgoing messages. By default, all messages are sent. |  | Enum: [emerg alert crit err warning notice info debug] <br /> |
-| `format` _string_ | Format is the log format used when generating syslog messages. |  | Enum: [rfc3164 rfc5424 short raw] <br /> |
-| `sendHostname` _boolean_ | SendHostname sets the hostname field in the syslog header.  Generally used if one is not relaying logs through an<br />intermediate syslog server. |  |  |
-| `hostname` _string_ | Hostname specifies a value for the syslog hostname header, otherwise uses the hostname of the system. |  |  |
+| `level` _string_ | Level can be specified to filter outgoing messages. By default, all messages are sent. |  | Enum: [emerg alert crit err warning notice info debug] <br />Optional: \{\} <br /> |
+| `format` _string_ | Format is the log format used when generating syslog messages. |  | Enum: [rfc3164 rfc5424 short raw] <br />Optional: \{\} <br /> |
+| `sendHostname` _boolean_ | SendHostname sets the hostname field in the syslog header.  Generally used if one is not relaying logs through an<br />intermediate syslog server. |  | Optional: \{\} <br /> |
+| `hostname` _string_ | Hostname specifies a value for the syslog hostname header, otherwise uses the hostname of the system. |  | Optional: \{\} <br /> |
 
 
 #### GlobalOCSPConfiguration
@@ -1297,9 +1297,9 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `mode` _boolean_ | Mode Enable automatic OCSP response update when set to 'on', disable it otherwise.<br />Its value defaults to 'off'. |  |  |
-| `maxDelay` _integer_ | MaxDelay sets the maximum interval between two automatic updates of the same OCSP<br />response. This time is expressed in seconds and defaults to 3600 (1 hour). |  |  |
-| `minDelay` _integer_ | MinDelay sets the minimum interval between two automatic updates of the same OCSP<br />response. This time is expressed in seconds and defaults to 300 (5 minutes). |  |  |
+| `mode` _boolean_ | Mode Enable automatic OCSP response update when set to 'on', disable it otherwise.<br />Its value defaults to 'off'. |  | Optional: \{\} <br /> |
+| `maxDelay` _integer_ | MaxDelay sets the maximum interval between two automatic updates of the same OCSP<br />response. This time is expressed in seconds and defaults to 3600 (1 hour). |  | Optional: \{\} <br /> |
+| `minDelay` _integer_ | MinDelay sets the minimum interval between two automatic updates of the same OCSP<br />response. This time is expressed in seconds and defaults to 300 (5 minutes). |  | Optional: \{\} <br /> |
 | `httpproxy` _[OcspUpdateOptionsHttpproxy](#ocspupdateoptionshttpproxy)_ | HttpProxy Allow to use an HTTP proxy for the OCSP updates. This only works with HTTP,<br />HTTPS is not supported. This option will allow the OCSP updater to send<br />absolute URI in the request to the proxy. |  |  |
 
 
@@ -1316,9 +1316,9 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `defaultBindCiphers` _string array_ | DefaultBindCiphers sets the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake up to TLSv1.2 for all<br />binds which do not explicitly define theirs. |  |  |
-| `defaultBindCipherSuites` _string array_ | DefaultBindCipherSuites sets the default list of cipher algorithms ("cipher suite") that are negotiated<br />during the TLSv1.3 handshake for all binds which do not explicitly define theirs. |  |  |
-| `defaultBindOptions` _[GlobalSSLDefaultBindOptions](#globalssldefaultbindoptions)_ | DefaultBindOptions sets default ssl-options to force on all binds. |  |  |
+| `defaultBindCiphers` _string array_ | DefaultBindCiphers sets the list of cipher algorithms ("cipher suite") that are negotiated during the SSL/TLS handshake up to TLSv1.2 for all<br />binds which do not explicitly define theirs. |  | Optional: \{\} <br /> |
+| `defaultBindCipherSuites` _string array_ | DefaultBindCipherSuites sets the default list of cipher algorithms ("cipher suite") that are negotiated<br />during the TLSv1.3 handshake for all binds which do not explicitly define theirs. |  | Optional: \{\} <br /> |
+| `defaultBindOptions` _[GlobalSSLDefaultBindOptions](#globalssldefaultbindoptions)_ | DefaultBindOptions sets default ssl-options to force on all binds. |  | Optional: \{\} <br /> |
 
 
 #### GlobalSSLDefaultBindOptions
@@ -1334,7 +1334,7 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `minVersion` _string_ | MinVersion enforces use of the specified version or upper on SSL connections<br />instantiated from this listener. |  | Enum: [SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3] <br /> |
+| `minVersion` _string_ | MinVersion enforces use of the specified version or upper on SSL connections<br />instantiated from this listener. |  | Enum: [SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3] <br />Optional: \{\} <br /> |
 
 
 #### GlobalSSLTuneOptions
@@ -1350,14 +1350,14 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `cacheSize` _integer_ | CacheSize sets the size of the global SSL session cache, in a number of blocks. A block<br />is large enough to contain an encoded session without peer certificate.  An<br />encoded session with peer certificate is stored in multiple blocks depending<br />on the size of the peer certificate. The default value may be forced<br />at build time, otherwise defaults to 20000.  Setting this value to 0 disables the SSL session cache. |  |  |
-| `keylog` _string_ | Keylog activates the logging of the TLS keys. It should be used with<br />care as it will consume more memory per SSL session and could decrease<br />performances. This is disabled by default. |  |  |
-| `lifetime` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Lifetime sets how long a cached SSL session may remain valid. This time defaults to 5 min. It is important<br />to understand that it does not guarantee that sessions will last that long, because if the cache is<br />full, the longest idle sessions will be purged despite their configured lifetime. |  |  |
-| `forcePrivateCache` _boolean_ | ForcePrivateCache disables SSL session cache sharing between all processes. It<br />should normally not be used since it will force many renegotiations due to<br />clients hitting a random process. |  |  |
-| `maxRecord` _integer_ | MaxRecord sets the maximum amount of bytes passed to SSL_write() at a time. Default<br />value 0 means there is no limit. Over SSL/TLS, the client can decipher the<br />data only once it has received a full record. |  |  |
-| `defaultDHParam` _integer_ | DefaultDHParam sets the maximum size of the Diffie-Hellman parameters used for generating<br />the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The<br />final size will try to match the size of the server's RSA (or DSA) key (e.g,<br />a 2048 bits temporary DH key for a 2048 bits RSA key), but will not exceed<br />this maximum value. Default value if 2048. |  |  |
-| `ctxCacheSize` _integer_ | CtxCacheSize sets the size of the cache used to store generated certificates to <number><br />entries. This is an LRU cache. Because generating an SSL certificate<br />dynamically is expensive, they are cached. The default cache size is set to 1000 entries. |  |  |
-| `captureBufferSize` _integer_ | CaptureBufferSize sets the maximum size of the buffer used for capturing client hello cipher<br />list, extensions list, elliptic curves list and elliptic curve point<br />formats. If the value is 0 (default value) the capture is disabled,<br />otherwise a buffer is allocated for each SSL/TLS connection. |  |  |
+| `cacheSize` _integer_ | CacheSize sets the size of the global SSL session cache, in a number of blocks. A block<br />is large enough to contain an encoded session without peer certificate.  An<br />encoded session with peer certificate is stored in multiple blocks depending<br />on the size of the peer certificate. The default value may be forced<br />at build time, otherwise defaults to 20000.  Setting this value to 0 disables the SSL session cache. |  | Optional: \{\} <br /> |
+| `keylog` _string_ | Keylog activates the logging of the TLS keys. It should be used with<br />care as it will consume more memory per SSL session and could decrease<br />performances. This is disabled by default. |  | Optional: \{\} <br /> |
+| `lifetime` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#duration-v1-meta)_ | Lifetime sets how long a cached SSL session may remain valid. This time defaults to 5 min. It is important<br />to understand that it does not guarantee that sessions will last that long, because if the cache is<br />full, the longest idle sessions will be purged despite their configured lifetime. |  | Optional: \{\} <br /> |
+| `forcePrivateCache` _boolean_ | ForcePrivateCache disables SSL session cache sharing between all processes. It<br />should normally not be used since it will force many renegotiations due to<br />clients hitting a random process. |  | Optional: \{\} <br /> |
+| `maxRecord` _integer_ | MaxRecord sets the maximum amount of bytes passed to SSL_write() at a time. Default<br />value 0 means there is no limit. Over SSL/TLS, the client can decipher the<br />data only once it has received a full record. |  | Optional: \{\} <br /> |
+| `defaultDHParam` _integer_ | DefaultDHParam sets the maximum size of the Diffie-Hellman parameters used for generating<br />the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The<br />final size will try to match the size of the server's RSA (or DSA) key (e.g,<br />a 2048 bits temporary DH key for a 2048 bits RSA key), but will not exceed<br />this maximum value. Default value if 2048. |  | Optional: \{\} <br /> |
+| `ctxCacheSize` _integer_ | CtxCacheSize sets the size of the cache used to store generated certificates to <number><br />entries. This is an LRU cache. Because generating an SSL certificate<br />dynamically is expensive, they are cached. The default cache size is set to 1000 entries. |  | Optional: \{\} <br /> |
+| `captureBufferSize` _integer_ | CaptureBufferSize sets the maximum size of the buffer used for capturing client hello cipher<br />list, extensions list, elliptic curves list and elliptic curve point<br />formats. If the value is 0 (default value) the capture is disabled,<br />otherwise a buffer is allocated for each SSL/TLS connection. |  | Optional: \{\} <br /> |
 
 
 #### GlobalTuneOptions
@@ -1373,11 +1373,11 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `maxrewrite` _integer_ | Maxrewrite sets the reserved buffer space to this size in bytes. The reserved space is<br />used for header rewriting or appending. The first reads on sockets will never<br />fill more than bufsize-maxrewrite. |  |  |
-| `buffers_limit` _integer_ | BuffersLimit Sets a hard limit on the number of buffers which may be allocated per process.<br />The default value is zero which means unlimited. The limit will automatically<br />be re-adjusted to satisfy the reserved buffers for emergency situations so<br />that the user doesn't have to perform complicated calculations. |  |  |
-| `bufsize` _integer_ | Bufsize sets the buffer size to this size (in bytes). Lower values allow more<br />sessions to coexist in the same amount of RAM, and higher values allow some<br />applications with very large cookies to work. |  |  |
-| `buffers_reserve` _integer_ | BuffersReserve Sets the number of per-thread buffers which are pre-allocated and<br />reserved for use only during memory shortage conditions resulting in failed memory<br />allocations. The minimum value is 2 and the default is 4. |  |  |
-| `ssl` _[GlobalSSLTuneOptions](#globalssltuneoptions)_ | SSL sets the SSL tune options. |  |  |
+| `maxrewrite` _integer_ | Maxrewrite sets the reserved buffer space to this size in bytes. The reserved space is<br />used for header rewriting or appending. The first reads on sockets will never<br />fill more than bufsize-maxrewrite. |  | Optional: \{\} <br /> |
+| `buffers_limit` _integer_ | BuffersLimit Sets a hard limit on the number of buffers which may be allocated per process.<br />The default value is zero which means unlimited. The limit will automatically<br />be re-adjusted to satisfy the reserved buffers for emergency situations so<br />that the user doesn't have to perform complicated calculations. |  | Optional: \{\} <br /> |
+| `bufsize` _integer_ | Bufsize sets the buffer size to this size (in bytes). Lower values allow more<br />sessions to coexist in the same amount of RAM, and higher values allow some<br />applications with very large cookies to work. |  | Optional: \{\} <br /> |
+| `buffers_reserve` _integer_ | BuffersReserve Sets the number of per-thread buffers which are pre-allocated and<br />reserved for use only during memory shortage conditions resulting in failed memory<br />allocations. The minimum value is 2 and the default is 4. |  | Optional: \{\} <br /> |
+| `ssl` _[GlobalSSLTuneOptions](#globalssltuneoptions)_ | SSL sets the SSL tune options. |  | Optional: \{\} <br /> |
 
 
 #### Instance
@@ -1416,21 +1416,21 @@ _Appears in:_
 | `replicas` _integer_ | Replicas is the desired number of replicas of the HAProxy Instance. | 1 |  |
 | `network` _[Network](#network)_ | Network contains the configuration of Route, Services and other network related configuration. |  |  |
 | `configuration` _[Configuration](#configuration)_ | Configuration is used to bootstrap the global and defaults section of the HAProxy configuration. |  |  |
-| `rolloutOnConfigChange` _boolean_ | RolloutOnConfigChange enable rollout on config changes |  |  |
+| `rolloutOnConfigChange` _boolean_ | RolloutOnConfigChange enable rollout on config changes |  | Optional: \{\} <br /> |
 | `image` _string_ | Image specifies the HaProxy image including th tag. | haproxy:latest |  |
-| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | Resources defines the resource requirements for the HAProxy pods. |  |  |
-| `sidecars` _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#container-v1-core) array_ | Sidecars additional sidecar containers |  |  |
-| `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to use to run this Instance. |  |  |
-| `imagePullSecrets` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core) array_ | ImagePullSecrets is an optional list of secret names in the same namespace to use for pulling any of the images used. |  |  |
-| `allowPrivilegedPorts` _boolean_ | AllowPrivilegedPorts allows to bind sockets with port numbers less than 1024. |  |  |
-| `placement` _[Placement](#placement)_ | Placement define how the instance's pods should be scheduled. |  |  |
-| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#pullpolicy-v1-core)_ | ImagePullPolicy one of Always, Never, IfNotPresent. |  |  |
-| `metrics` _[Metrics](#metrics)_ | Metrics defines the metrics endpoint and scraping configuration. |  |  |
-| `labels` _object (keys:string, values:string)_ | Labels additional labels for the ha-proxy pods |  |  |
-| `env` _object (keys:string, values:string)_ | Env additional environment variables |  |  |
-| `readinessProbe` _[Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#probe-v1-core)_ | ReadinessProbe the readiness probe for the main container |  |  |
-| `livenessProbe` _[Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#probe-v1-core)_ | LivenessProbe the liveness probe for the main container |  |  |
-| `podDisruptionBudget` _[PodDisruptionBudget](#poddisruptionbudget)_ | PodDisruptionBudget defines pod disruptions options |  |  |
+| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#resourcerequirements-v1-core)_ | Resources defines the resource requirements for the HAProxy pods. |  | Optional: \{\} <br /> |
+| `sidecars` _[Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#container-v1-core) array_ | Sidecars additional sidecar containers |  | Optional: \{\} <br /> |
+| `serviceAccountName` _string_ | ServiceAccountName is the name of the ServiceAccount to use to run this Instance. |  | Optional: \{\} <br /> |
+| `imagePullSecrets` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#localobjectreference-v1-core) array_ | ImagePullSecrets is an optional list of secret names in the same namespace to use for pulling any of the images used. |  | Optional: \{\} <br /> |
+| `allowPrivilegedPorts` _boolean_ | AllowPrivilegedPorts allows to bind sockets with port numbers less than 1024. |  | Optional: \{\} <br /> |
+| `placement` _[Placement](#placement)_ | Placement define how the instance's pods should be scheduled. |  | Optional: \{\} <br /> |
+| `imagePullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#pullpolicy-v1-core)_ | ImagePullPolicy one of Always, Never, IfNotPresent. |  | Optional: \{\} <br /> |
+| `metrics` _[Metrics](#metrics)_ | Metrics defines the metrics endpoint and scraping configuration. |  | Optional: \{\} <br /> |
+| `labels` _object (keys:string, values:string)_ | Labels additional labels for the ha-proxy pods |  | Optional: \{\} <br /> |
+| `env` _object (keys:string, values:string)_ | Env additional environment variables |  | Optional: \{\} <br /> |
+| `readinessProbe` _[Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#probe-v1-core)_ | ReadinessProbe the readiness probe for the main container |  | Optional: \{\} <br /> |
+| `livenessProbe` _[Probe](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#probe-v1-core)_ | LivenessProbe the liveness probe for the main container |  | Optional: \{\} <br /> |
+| `podDisruptionBudget` _[PodDisruptionBudget](#poddisruptionbudget)_ | PodDisruptionBudget defines pod disruptions options |  | Optional: \{\} <br /> |
 
 
 #### Metrics
@@ -1447,10 +1447,10 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `enabled` _boolean_ | Enabled will enable metrics globally for Instance. |  |  |
-| `address` _string_ | Address to bind the metrics endpoint (default: '0.0.0.0'). | 0.0.0.0 |  |
+| `address` _string_ | Address to bind the metrics endpoint (default: '0.0.0.0'). | 0.0.0.0 | Optional: \{\} <br /> |
 | `port` _integer_ | Port specifies the port used for metrics. |  |  |
-| `relabelings` _RelabelConfig array_ | RelabelConfigs to apply to samples before scraping.<br />More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |  |  |
-| `interval` _[Duration](#duration)_ | Interval at which metrics should be scraped<br />If not specified Prometheus' global scrape interval is used. |  |  |
+| `relabelings` _RelabelConfig array_ | RelabelConfigs to apply to samples before scraping.<br />More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |  | Optional: \{\} <br /> |
+| `interval` _[Duration](#duration)_ | Interval at which metrics should be scraped<br />If not specified Prometheus' global scrape interval is used. |  | Optional: \{\} <br /> |
 
 
 #### Network
@@ -1485,7 +1485,7 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `address` _string_ | Address can be a host name, an IPv4 address or an IPv6 address |  | Pattern: `^[^\s]+$` <br /> |
+| `address` _string_ | Address can be a host name, an IPv4 address or an IPv6 address |  | Pattern: `^[^\s]+$` <br />Optional: \{\} <br /> |
 | `port` _integer_ | Port |  |  |
 
 
@@ -1502,8 +1502,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `nodeSelector` _object (keys:string, values:string)_ | NodeSelector is a selector which must be true for the pod to fit on a node. |  |  |
-| `topologySpreadConstraints` _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#topologyspreadconstraint-v1-core) array_ | TopologySpreadConstraints describes how a group of pods ought to spread across topology<br />domains. Scheduler will schedule pods in a way which abides by the constraints. |  |  |
+| `nodeSelector` _object (keys:string, values:string)_ | NodeSelector is a selector which must be true for the pod to fit on a node. |  | Optional: \{\} <br /> |
+| `topologySpreadConstraints` _[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#topologyspreadconstraint-v1-core) array_ | TopologySpreadConstraints describes how a group of pods ought to spread across topology<br />domains. Scheduler will schedule pods in a way which abides by the constraints. |  | Optional: \{\} <br /> |
 
 
 #### PodDisruptionBudget
@@ -1519,8 +1519,8 @@ _Appears in:_
 
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
-| `minAvailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#intorstring-intstr-util)_ | An eviction is allowed if at least “minAvailable“ pods selected by “selector” will still be available after the eviction |  |  |
-| `maxUnavailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#intorstring-intstr-util)_ | An eviction is allowed if at most “maxUnavailable“ pods selected by “selector” are unavailable after the eviction |  |  |
+| `minAvailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#intorstring-intstr-util)_ | An eviction is allowed if at least “minAvailable“ pods selected by “selector” will still be available after the eviction |  | Optional: \{\} <br /> |
+| `maxUnavailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#intorstring-intstr-util)_ | An eviction is allowed if at most “maxUnavailable“ pods selected by “selector” are unavailable after the eviction |  | Optional: \{\} <br /> |
 
 
 #### RouteSpec
@@ -1554,7 +1554,7 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `enabled` _boolean_ | Enabled will toggle the creation of a Service. |  |  |
-| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#servicetype-v1-core)_ | Type will define the Service Type. | ClusterIP | Enum: [ClusterIP NodePort LoadBalancer] <br /> |
-| `annotations` _object (keys:string, values:string)_ | Annotations to be added to Service. |  |  |
+| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#servicetype-v1-core)_ | Type will define the Service Type. | ClusterIP | Enum: [ClusterIP NodePort LoadBalancer] <br />Optional: \{\} <br /> |
+| `annotations` _object (keys:string, values:string)_ | Annotations to be added to Service. |  | Optional: \{\} <br /> |
 
 
diff --git a/go.mod b/go.mod
index 75d06ee..325ad9f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,22 +1,22 @@
 module github.com/six-group/haproxy-operator
 
-go 1.24.10
+go 1.26.0
 
 require (
 	github.com/go-openapi/strfmt v0.25.0
-	github.com/haproxytech/client-native/v6 v6.2.5
-	github.com/onsi/ginkgo/v2 v2.27.2
-	github.com/onsi/gomega v1.38.2
-	github.com/openshift/api v0.0.0-20251110111612-b69d477b85f5 // latest commit of branch https://github.com/openshift/api/tree/release-4.21
-	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.86.2
+	github.com/haproxytech/client-native/v6 v6.2.7
+	github.com/onsi/ginkgo/v2 v2.28.1
+	github.com/onsi/gomega v1.39.1
+	github.com/openshift/api v0.0.0-20260219144226-3c4723ad34ff // latest commit of branch https://github.com/openshift/api/tree/release-4.21
+	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0
 	go.uber.org/multierr v1.11.0
-	go.uber.org/zap v1.27.0
-	k8s.io/api v0.34.2
-	k8s.io/apimachinery v0.34.2
-	k8s.io/client-go v0.34.2
+	go.uber.org/zap v1.27.1
+	k8s.io/api v0.35.1
+	k8s.io/apimachinery v0.35.1
+	k8s.io/client-go v0.35.1
 	k8s.io/klog/v2 v2.130.1
-	k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
-	sigs.k8s.io/controller-runtime v0.22.4
+	k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2
+	sigs.k8s.io/controller-runtime v0.23.1
 )
 
 require (
@@ -31,73 +31,69 @@ require (
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
-	github.com/go-openapi/analysis v0.23.0 // indirect
-	github.com/go-openapi/errors v0.22.4 // indirect
-	github.com/go-openapi/jsonpointer v0.22.0 // indirect
-	github.com/go-openapi/jsonreference v0.21.1 // indirect
-	github.com/go-openapi/loads v0.22.0 // indirect
-	github.com/go-openapi/spec v0.21.0 // indirect
-	github.com/go-openapi/swag v0.24.1 // indirect
-	github.com/go-openapi/swag/cmdutils v0.24.0 // indirect
-	github.com/go-openapi/swag/conv v0.24.0 // indirect
-	github.com/go-openapi/swag/fileutils v0.24.0 // indirect
-	github.com/go-openapi/swag/jsonname v0.24.0 // indirect
-	github.com/go-openapi/swag/jsonutils v0.24.0 // indirect
-	github.com/go-openapi/swag/loading v0.24.0 // indirect
-	github.com/go-openapi/swag/mangling v0.24.0 // indirect
-	github.com/go-openapi/swag/netutils v0.24.0 // indirect
-	github.com/go-openapi/swag/stringutils v0.24.0 // indirect
-	github.com/go-openapi/swag/typeutils v0.24.0 // indirect
-	github.com/go-openapi/swag/yamlutils v0.24.0 // indirect
-	github.com/go-openapi/validate v0.24.0 // indirect
+	github.com/go-openapi/analysis v0.24.2 // indirect
+	github.com/go-openapi/errors v0.22.6 // indirect
+	github.com/go-openapi/jsonpointer v0.22.4 // indirect
+	github.com/go-openapi/jsonreference v0.21.4 // indirect
+	github.com/go-openapi/loads v0.23.2 // indirect
+	github.com/go-openapi/spec v0.22.3 // indirect
+	github.com/go-openapi/swag v0.25.4 // indirect
+	github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
+	github.com/go-openapi/swag/conv v0.25.4 // indirect
+	github.com/go-openapi/swag/fileutils v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+	github.com/go-openapi/swag/loading v0.25.4 // indirect
+	github.com/go-openapi/swag/mangling v0.25.4 // indirect
+	github.com/go-openapi/swag/netutils v0.25.4 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
+	github.com/go-openapi/validate v0.25.1 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
-	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
-	github.com/gofrs/flock v0.12.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
+	github.com/gofrs/flock v0.13.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 // indirect
+	github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect
 	github.com/google/renameio v1.0.1 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/haproxytech/go-logger v1.1.0 // indirect
-	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/mailru/easyjson v0.9.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.22.0 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/prometheus/client_golang v1.23.2 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.66.1 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
+	github.com/spf13/pflag v1.0.9 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go.mongodb.org/mongo-driver v1.17.6 // indirect
+	go.mongodb.org/mongo-driver v1.17.7 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/mod v0.28.0 // indirect
-	golang.org/x/net v0.46.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/sync v0.17.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/term v0.36.0 // indirect
-	golang.org/x/text v0.30.0 // indirect
+	golang.org/x/mod v0.32.0 // indirect
+	golang.org/x/net v0.49.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/term v0.39.0 // indirect
+	golang.org/x/text v0.33.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
-	golang.org/x/tools v0.37.0 // indirect
+	golang.org/x/tools v0.41.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.7 // indirect
-	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	google.golang.org/protobuf v1.36.8 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.34.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
+	k8s.io/apiextensions-apiserver v0.35.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
 	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
-	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect
 	sigs.k8s.io/yaml v1.6.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 8be876c..4dfb999 100644
--- a/go.sum
+++ b/go.sum
@@ -24,62 +24,66 @@ github.com/gkampitakis/go-diff v1.3.2 h1:Qyn0J9XJSDTgnsgHRdz9Zp24RaJeKMUHg2+PDZZ
 github.com/gkampitakis/go-diff v1.3.2/go.mod h1:LLgOrpqleQe26cte8s36HTWcTmMEur6OPYerdAAS9tk=
 github.com/gkampitakis/go-snaps v0.5.15 h1:amyJrvM1D33cPHwVrjo9jQxX8g/7E2wYdZ+01KS3zGE=
 github.com/gkampitakis/go-snaps v0.5.15/go.mod h1:HNpx/9GoKisdhw9AFOBT1N7DBs9DiHo/hGheFGBZ+mc=
-github.com/go-faker/faker/v4 v4.6.2 h1:IR1uQUYotFZnuTL7Iuy0FDGtHM5Rt1Q+2nipH9gnqKs=
-github.com/go-faker/faker/v4 v4.6.2/go.mod h1:u1dIRP5neLB6kTzgyVjdBOV5R1uP7BdxkcWk7tiKQXk=
+github.com/go-faker/faker/v4 v4.7.0 h1:VboC02cXHl/NuQh5lM2W8b87yp4iFXIu59x4w0RZi4E=
+github.com/go-faker/faker/v4 v4.7.0/go.mod h1:u1dIRP5neLB6kTzgyVjdBOV5R1uP7BdxkcWk7tiKQXk=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
-github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=
-github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo=
-github.com/go-openapi/errors v0.22.4 h1:oi2K9mHTOb5DPW2Zjdzs/NIvwi2N3fARKaTJLdNabaM=
-github.com/go-openapi/errors v0.22.4/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk=
-github.com/go-openapi/jsonpointer v0.22.0 h1:TmMhghgNef9YXxTu1tOopo+0BGEytxA+okbry0HjZsM=
-github.com/go-openapi/jsonpointer v0.22.0/go.mod h1:xt3jV88UtExdIkkL7NloURjRQjbeUgcxFblMjq2iaiU=
-github.com/go-openapi/jsonreference v0.21.1 h1:bSKrcl8819zKiOgxkbVNRUBIr6Wwj9KYrDbMjRs0cDA=
-github.com/go-openapi/jsonreference v0.21.1/go.mod h1:PWs8rO4xxTUqKGu+lEvvCxD5k2X7QYkKAepJyCmSTT8=
-github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco=
-github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs=
-github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
-github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
+github.com/go-openapi/analysis v0.24.2 h1:6p7WXEuKy1llDgOH8FooVeO+Uq2za9qoAOq4ZN08B50=
+github.com/go-openapi/analysis v0.24.2/go.mod h1:x27OOHKANE0lutg2ml4kzYLoHGMKgRm1Cj2ijVOjJuE=
+github.com/go-openapi/errors v0.22.6 h1:eDxcf89O8odEnohIXwEjY1IB4ph5vmbUsBMsFNwXWPo=
+github.com/go-openapi/errors v0.22.6/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk=
+github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4=
+github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80=
+github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8=
+github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4=
+github.com/go-openapi/loads v0.23.2 h1:rJXAcP7g1+lWyBHC7iTY+WAF0rprtM+pm8Jxv1uQJp4=
+github.com/go-openapi/loads v0.23.2/go.mod h1:IEVw1GfRt/P2Pplkelxzj9BYFajiWOtY2nHZNj4UnWY=
+github.com/go-openapi/spec v0.22.3 h1:qRSmj6Smz2rEBxMnLRBMeBWxbbOvuOoElvSvObIgwQc=
+github.com/go-openapi/spec v0.22.3/go.mod h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs=
 github.com/go-openapi/strfmt v0.25.0 h1:7R0RX7mbKLa9EYCTHRcCuIPcaqlyQiWNPTXwClK0saQ=
 github.com/go-openapi/strfmt v0.25.0/go.mod h1:nNXct7OzbwrMY9+5tLX4I21pzcmE6ccMGXl3jFdPfn8=
-github.com/go-openapi/swag v0.24.1 h1:DPdYTZKo6AQCRqzwr/kGkxJzHhpKxZ9i/oX0zag+MF8=
-github.com/go-openapi/swag v0.24.1/go.mod h1:sm8I3lCPlspsBBwUm1t5oZeWZS0s7m/A+Psg0ooRU0A=
-github.com/go-openapi/swag/cmdutils v0.24.0 h1:KlRCffHwXFI6E5MV9n8o8zBRElpY4uK4yWyAMWETo9I=
-github.com/go-openapi/swag/cmdutils v0.24.0/go.mod h1:uxib2FAeQMByyHomTlsP8h1TtPd54Msu2ZDU/H5Vuf8=
-github.com/go-openapi/swag/conv v0.24.0 h1:ejB9+7yogkWly6pnruRX45D1/6J+ZxRu92YFivx54ik=
-github.com/go-openapi/swag/conv v0.24.0/go.mod h1:jbn140mZd7EW2g8a8Y5bwm8/Wy1slLySQQ0ND6DPc2c=
-github.com/go-openapi/swag/fileutils v0.24.0 h1:U9pCpqp4RUytnD689Ek/N1d2N/a//XCeqoH508H5oak=
-github.com/go-openapi/swag/fileutils v0.24.0/go.mod h1:3SCrCSBHyP1/N+3oErQ1gP+OX1GV2QYFSnrTbzwli90=
-github.com/go-openapi/swag/jsonname v0.24.0 h1:2wKS9bgRV/xB8c62Qg16w4AUiIrqqiniJFtZGi3dg5k=
-github.com/go-openapi/swag/jsonname v0.24.0/go.mod h1:GXqrPzGJe611P7LG4QB9JKPtUZ7flE4DOVechNaDd7Q=
-github.com/go-openapi/swag/jsonutils v0.24.0 h1:F1vE1q4pg1xtO3HTyJYRmEuJ4jmIp2iZ30bzW5XgZts=
-github.com/go-openapi/swag/jsonutils v0.24.0/go.mod h1:vBowZtF5Z4DDApIoxcIVfR8v0l9oq5PpYRUuteVu6f0=
-github.com/go-openapi/swag/loading v0.24.0 h1:ln/fWTwJp2Zkj5DdaX4JPiddFC5CHQpvaBKycOlceYc=
-github.com/go-openapi/swag/loading v0.24.0/go.mod h1:gShCN4woKZYIxPxbfbyHgjXAhO61m88tmjy0lp/LkJk=
-github.com/go-openapi/swag/mangling v0.24.0 h1:PGOQpViCOUroIeak/Uj/sjGAq9LADS3mOyjznmHy2pk=
-github.com/go-openapi/swag/mangling v0.24.0/go.mod h1:Jm5Go9LHkycsz0wfoaBDkdc4CkpuSnIEf62brzyCbhc=
-github.com/go-openapi/swag/netutils v0.24.0 h1:Bz02HRjYv8046Ycg/w80q3g9QCWeIqTvlyOjQPDjD8w=
-github.com/go-openapi/swag/netutils v0.24.0/go.mod h1:WRgiHcYTnx+IqfMCtu0hy9oOaPR0HnPbmArSRN1SkZM=
-github.com/go-openapi/swag/stringutils v0.24.0 h1:i4Z/Jawf9EvXOLUbT97O0HbPUja18VdBxeadyAqS1FM=
-github.com/go-openapi/swag/stringutils v0.24.0/go.mod h1:5nUXB4xA0kw2df5PRipZDslPJgJut+NjL7D25zPZ/4w=
-github.com/go-openapi/swag/typeutils v0.24.0 h1:d3szEGzGDf4L2y1gYOSSLeK6h46F+zibnEas2Jm/wIw=
-github.com/go-openapi/swag/typeutils v0.24.0/go.mod h1:q8C3Kmk/vh2VhpCLaoR2MVWOGP8y7Jc8l82qCTd1DYI=
-github.com/go-openapi/swag/yamlutils v0.24.0 h1:bhw4894A7Iw6ne+639hsBNRHg9iZg/ISrOVr+sJGp4c=
-github.com/go-openapi/swag/yamlutils v0.24.0/go.mod h1:DpKv5aYuaGm/sULePoeiG8uwMpZSfReo1HR3Ik0yaG8=
+github.com/go-openapi/swag v0.25.4 h1:OyUPUFYDPDBMkqyxOTkqDYFnrhuhi9NR6QVUvIochMU=
+github.com/go-openapi/swag v0.25.4/go.mod h1:zNfJ9WZABGHCFg2RnY0S4IOkAcVTzJ6z2Bi+Q4i6qFQ=
+github.com/go-openapi/swag/cmdutils v0.25.4 h1:8rYhB5n6WawR192/BfUu2iVlxqVR9aRgGJP6WaBoW+4=
+github.com/go-openapi/swag/cmdutils v0.25.4/go.mod h1:pdae/AFo6WxLl5L0rq87eRzVPm/XRHM3MoYgRMvG4A0=
+github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
+github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
+github.com/go-openapi/swag/fileutils v0.25.4 h1:2oI0XNW5y6UWZTC7vAxC8hmsK/tOkWXHJQH4lKjqw+Y=
+github.com/go-openapi/swag/fileutils v0.25.4/go.mod h1:cdOT/PKbwcysVQ9Tpr0q20lQKH7MGhOEb6EwmHOirUk=
+github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
+github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
+github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
+github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
+github.com/go-openapi/swag/mangling v0.25.4 h1:2b9kBJk9JvPgxr36V23FxJLdwBrpijI26Bx5JH4Hp48=
+github.com/go-openapi/swag/mangling v0.25.4/go.mod h1:6dxwu6QyORHpIIApsdZgb6wBk/DPU15MdyYj/ikn0Hg=
+github.com/go-openapi/swag/netutils v0.25.4 h1:Gqe6K71bGRb3ZQLusdI8p/y1KLgV4M/k+/HzVSqT8H0=
+github.com/go-openapi/swag/netutils v0.25.4/go.mod h1:m2W8dtdaoX7oj9rEttLyTeEFFEBvnAx9qHd5nJEBzYg=
+github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
+github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
+github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
+github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
+github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
+github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
+github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
 github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
 github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
-github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
-github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
+github.com/go-openapi/validate v0.25.1 h1:sSACUI6Jcnbo5IWqbYHgjibrhhmt3vR6lCzKZnmAgBw=
+github.com/go-openapi/validate v0.25.1/go.mod h1:RMVyVFYte0gbSTaZ0N4KmTn6u/kClvAFp+mAVfS/DQc=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
-github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=
+github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
 github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
-github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
-github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
+github.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=
+github.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
@@ -91,18 +95,16 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8=
-github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
+github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc=
+github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
 github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=
 github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/haproxytech/client-native/v6 v6.2.5 h1:2m9r+SRlQNkxaM8G7/D1YGpB6W+uLu53UlFGszoT4CY=
-github.com/haproxytech/client-native/v6 v6.2.5/go.mod h1:apDGBMRSJCSVyO2lqJ2wJrf5HPt8bxjpAwgGZP035LU=
+github.com/haproxytech/client-native/v6 v6.2.7 h1:6E2WUvC7uN+JgpF4koJYT4ArXdIIcCbCH5aUgJgQxNY=
+github.com/haproxytech/client-native/v6 v6.2.7/go.mod h1:EcNcBJk3NqAT0q/xZZwVP9tSS6YDXJoM5+2h9/1gHks=
 github.com/haproxytech/go-logger v1.1.0 h1:HgGtYaI1ApkvbQdsm7f9AzQQoxTB7w37criTflh7IQE=
 github.com/haproxytech/go-logger v1.1.0/go.mod h1:OekUd8HCb7ubxMplzHUPBTHNxZmddOWfOjWclZsqIeM=
-github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
-github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE=
 github.com/joshdk/go-junit v1.0.0/go.mod h1:TiiV0PqkaNfFXjEiyjWM3XXrhVyCa1K4Zfga6W52ung=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -119,8 +121,6 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8=
-github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo=
 github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg=
 github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE=
@@ -135,30 +135,30 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns=
-github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
-github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A=
-github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k=
-github.com/openshift/api v0.0.0-20251110111612-b69d477b85f5 h1:eKSLLmYDuHpA/5c2qUFIQYjsAzvuo4BxfgVN9p7akrU=
-github.com/openshift/api v0.0.0-20251110111612-b69d477b85f5/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
+github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI=
+github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE=
+github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28=
+github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg=
+github.com/openshift/api v0.0.0-20260219144226-3c4723ad34ff h1:0mm2hbLOqJxi9H1NvV9qbFJtIMaicjKSKUoDQ3VcT7M=
+github.com/openshift/api v0.0.0-20260219144226-3c4723ad34ff/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.86.2 h1:VRXUgbGmpmjZgFYiUnTwlC+JjfCUs5KKFsorJhI1ZKQ=
-github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.86.2/go.mod h1:nPk0OteXBkbT0CRCa2oZQL1jRLW6RJ2fuIijHypeJdk=
-github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
-github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
-github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
-github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
-github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
-github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
-github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
-github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
-github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
-github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0 h1:nZ9Ov2SbA8pWcyWKpf6AbQipG5Negg5CfDKWOEtnnwc=
+github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0/go.mod h1:IJwk1oNs212afqGbNnE84GAB95OHtJR/BuI1rKESiYk=
+github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
+github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
+github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
+github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
+github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
+github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
+github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
@@ -177,14 +177,14 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.mongodb.org/mongo-driver v1.17.6 h1:87JUG1wZfWsr6rIz3ZmpH90rL5tea7O3IHuSwHUpsss=
-go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
+go.mongodb.org/mongo-driver v1.17.7 h1:a9w+U3Vt67eYzcfq3k/OAv284/uUUkL0uP75VE5rCOU=
+go.mongodb.org/mongo-driver v1.17.7/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
+go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
 go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
@@ -194,78 +194,78 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
-golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
+golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
+golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
-golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
-golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
-golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
+golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
-golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
-golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
+golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
+golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
-google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A=
-google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc=
+google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
-gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
+gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo=
+gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.34.2 h1:fsSUNZhV+bnL6Aqrp6O7lMTy6o5x2C4XLjnh//8SLYY=
-k8s.io/api v0.34.2/go.mod h1:MMBPaWlED2a8w4RSeanD76f7opUoypY8TFYkSM+3XHw=
-k8s.io/apiextensions-apiserver v0.34.1 h1:NNPBva8FNAPt1iSVwIE0FsdrVriRXMsaWFMqJbII2CI=
-k8s.io/apiextensions-apiserver v0.34.1/go.mod h1:hP9Rld3zF5Ay2Of3BeEpLAToP+l4s5UlxiHfqRaRcMc=
-k8s.io/apimachinery v0.34.2 h1:zQ12Uk3eMHPxrsbUJgNF8bTauTVR2WgqJsTmwTE/NW4=
-k8s.io/apimachinery v0.34.2/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw=
-k8s.io/client-go v0.34.2 h1:Co6XiknN+uUZqiddlfAjT68184/37PS4QAzYvQvDR8M=
-k8s.io/client-go v0.34.2/go.mod h1:2VYDl1XXJsdcAxw7BenFslRQX28Dxz91U9MWKjX97fE=
+k8s.io/api v0.35.1 h1:0PO/1FhlK/EQNVK5+txc4FuhQibV25VLSdLMmGpDE/Q=
+k8s.io/api v0.35.1/go.mod h1:28uR9xlXWml9eT0uaGo6y71xK86JBELShLy4wR1XtxM=
+k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4=
+k8s.io/apiextensions-apiserver v0.35.0/go.mod h1:E1Ahk9SADaLQ4qtzYFkwUqusXTcaV2uw3l14aqpL2LU=
+k8s.io/apimachinery v0.35.1 h1:yxO6gV555P1YV0SANtnTjXYfiivaTPvCTKX6w6qdDsU=
+k8s.io/apimachinery v0.35.1/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns=
+k8s.io/client-go v0.35.1 h1:+eSfZHwuo/I19PaSxqumjqZ9l5XiTEKbIaJ+j1wLcLM=
+k8s.io/client-go v0.35.1/go.mod h1:1p1KxDt3a0ruRfc/pG4qT/3oHmUj1AhSHEcxNSGg+OA=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA=
-k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts=
-k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck=
-k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A=
-sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8=
+k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE=
+k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ=
+k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU=
+k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
+sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE=
+sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg=
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
 sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
 sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=
diff --git a/helm/haproxy-operator/crds/config.haproxy.com_backends.yaml b/helm/haproxy-operator/crds/config.haproxy.com_backends.yaml
index a586584..466985e 100644
--- a/helm/haproxy-operator/crds/config.haproxy.com_backends.yaml
+++ b/helm/haproxy-operator/crds/config.haproxy.com_backends.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.1
   name: backends.config.haproxy.com
 spec:
   group: config.haproxy.com
diff --git a/helm/haproxy-operator/crds/config.haproxy.com_frontends.yaml b/helm/haproxy-operator/crds/config.haproxy.com_frontends.yaml
index 9374491..d0ac536 100644
--- a/helm/haproxy-operator/crds/config.haproxy.com_frontends.yaml
+++ b/helm/haproxy-operator/crds/config.haproxy.com_frontends.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.1
   name: frontends.config.haproxy.com
 spec:
   group: config.haproxy.com
diff --git a/helm/haproxy-operator/crds/config.haproxy.com_listens.yaml b/helm/haproxy-operator/crds/config.haproxy.com_listens.yaml
index 8365067..b6b473f 100644
--- a/helm/haproxy-operator/crds/config.haproxy.com_listens.yaml
+++ b/helm/haproxy-operator/crds/config.haproxy.com_listens.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.1
   name: listens.config.haproxy.com
 spec:
   group: config.haproxy.com
diff --git a/helm/haproxy-operator/crds/config.haproxy.com_resolvers.yaml b/helm/haproxy-operator/crds/config.haproxy.com_resolvers.yaml
index 3f8b9e1..dd2a7a0 100644
--- a/helm/haproxy-operator/crds/config.haproxy.com_resolvers.yaml
+++ b/helm/haproxy-operator/crds/config.haproxy.com_resolvers.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.1
   name: resolvers.config.haproxy.com
 spec:
   group: config.haproxy.com
diff --git a/helm/haproxy-operator/crds/proxy.haproxy.com_instances.yaml b/helm/haproxy-operator/crds/proxy.haproxy.com_instances.yaml
index f7a184c..e7dbe60 100644
--- a/helm/haproxy-operator/crds/proxy.haproxy.com_instances.yaml
+++ b/helm/haproxy-operator/crds/proxy.haproxy.com_instances.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.1
   name: instances.proxy.haproxy.com
 spec:
   group: proxy.haproxy.com
@@ -2333,7 +2333,9 @@ spec:
                           type: integer
                       type: object
                     resizePolicy:
-                      description: Resources resize policy for the container.
+                      description: |-
+                        Resources resize policy for the container.
+                        This field cannot be set on ephemeral containers.
                       items:
                         description: ContainerResizePolicy represents resource resize
                           policy for the container.