diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
index 6c7129da060..b172d5951fb 100644
--- a/api/v1alpha1/clienttrafficpolicy_types.go
+++ b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -258,7 +258,6 @@ type XForwardedForSettings struct {
//
// +optional
// +kubebuilder:validation:MinItems=1
- // +notImplementedHide
TrustedCIDRs []CIDR `json:"trustedCIDRs,omitempty"`
}
diff --git a/api/v1alpha1/envoygateway_types.go b/api/v1alpha1/envoygateway_types.go
index 5f5a9f1a068..e75723adc6e 100644
--- a/api/v1alpha1/envoygateway_types.go
+++ b/api/v1alpha1/envoygateway_types.go
@@ -214,6 +214,7 @@ type EnvoyGatewayKubernetesProvider struct {
// Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane
// should be deployed
// +optional
+ // +notImplementedHide
Deploy *KubernetesDeployMode `json:"deploy,omitempty"`
// LeaderElection specifies the configuration for leader election.
// If it's not set up, leader election will be active by default, using Kubernetes' standard settings.
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 64e55f21a6b..e4140563fb0 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -1173,7 +1173,6 @@ _Appears in:_
| `rateLimitDeployment` | _[KubernetesDeploymentSpec](#kubernetesdeploymentspec)_ | false | | RateLimitDeployment defines the desired state of the Envoy ratelimit deployment resource.
If unspecified, default settings for the managed Envoy ratelimit deployment resource
are applied. |
| `rateLimitHpa` | _[KubernetesHorizontalPodAutoscalerSpec](#kuberneteshorizontalpodautoscalerspec)_ | false | | RateLimitHpa defines the Horizontal Pod Autoscaler settings for Envoy ratelimit Deployment.
If the HPA is set, Replicas field from RateLimitDeployment will be ignored. |
| `watch` | _[KubernetesWatchMode](#kuberneteswatchmode)_ | false | | Watch holds configuration of which input resources should be watched and reconciled. |
-| `deploy` | _[KubernetesDeployMode](#kubernetesdeploymode)_ | false | | Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane
should be deployed |
| `leaderElection` | _[LeaderElection](#leaderelection)_ | false | | LeaderElection specifies the configuration for leader election.
If it's not set up, leader election will be active by default, using Kubernetes' standard settings. |
| `shutdownManager` | _[ShutdownManager](#shutdownmanager)_ | false | | ShutdownManager defines the configuration for the shutdown manager. |
@@ -4580,6 +4579,7 @@ _Appears in:_
| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `numTrustedHops` | _integer_ | false | | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. |
+| `trustedCIDRs` | _[CIDR](#cidr) array_ | false | | TrustedCIDRs is a list of CIDR ranges to trust when evaluating
the remote IP address to determine the original client’s IP address.
When the remote IP address matches a trusted CIDR and the x-forwarded-for header was sent,
each entry in the x-forwarded-for header is evaluated from right to left
and the first public non-trusted address is used as the original client address.
If all addresses in x-forwarded-for are within the trusted list, the first (leftmost) entry is used.
Only one of NumTrustedHops and TrustedCIDRs must be set. |
#### ZipkinTracingProvider
diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md
index 64e55f21a6b..e4140563fb0 100644
--- a/site/content/zh/latest/api/extension_types.md
+++ b/site/content/zh/latest/api/extension_types.md
@@ -1173,7 +1173,6 @@ _Appears in:_
| `rateLimitDeployment` | _[KubernetesDeploymentSpec](#kubernetesdeploymentspec)_ | false | | RateLimitDeployment defines the desired state of the Envoy ratelimit deployment resource.
If unspecified, default settings for the managed Envoy ratelimit deployment resource
are applied. |
| `rateLimitHpa` | _[KubernetesHorizontalPodAutoscalerSpec](#kuberneteshorizontalpodautoscalerspec)_ | false | | RateLimitHpa defines the Horizontal Pod Autoscaler settings for Envoy ratelimit Deployment.
If the HPA is set, Replicas field from RateLimitDeployment will be ignored. |
| `watch` | _[KubernetesWatchMode](#kuberneteswatchmode)_ | false | | Watch holds configuration of which input resources should be watched and reconciled. |
-| `deploy` | _[KubernetesDeployMode](#kubernetesdeploymode)_ | false | | Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane
should be deployed |
| `leaderElection` | _[LeaderElection](#leaderelection)_ | false | | LeaderElection specifies the configuration for leader election.
If it's not set up, leader election will be active by default, using Kubernetes' standard settings. |
| `shutdownManager` | _[ShutdownManager](#shutdownmanager)_ | false | | ShutdownManager defines the configuration for the shutdown manager. |
@@ -4580,6 +4579,7 @@ _Appears in:_
| Field | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `numTrustedHops` | _integer_ | false | | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. |
+| `trustedCIDRs` | _[CIDR](#cidr) array_ | false | | TrustedCIDRs is a list of CIDR ranges to trust when evaluating
the remote IP address to determine the original client’s IP address.
When the remote IP address matches a trusted CIDR and the x-forwarded-for header was sent,
each entry in the x-forwarded-for header is evaluated from right to left
and the first public non-trusted address is used as the original client address.
If all addresses in x-forwarded-for are within the trusted list, the first (leftmost) entry is used.
Only one of NumTrustedHops and TrustedCIDRs must be set. |
#### ZipkinTracingProvider