diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md
index 2fb474dda..e2ba50fa5 100644
--- a/docs/content/routing/providers/kubernetes-crd.md
+++ b/docs/content/routing/providers/kubernetes-crd.md
@@ -1609,14 +1609,14 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
 
 `TLSStore` is the CRD implementation of a [Traefik "TLS Store"](../../https/tls.md#certificates-stores).
 
-Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore` objects
-or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`IngressRouteTCP`](#kind-ingressroutetcp) objects.
+Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore` objects.
 
 !!! important "Default TLS Store"
 
     Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores).
+    This _default_ `TLSStore` should be in a namespace discoverable by Traefik. Since it is used by default on [`IngressRoute`](#kind-ingressroute) and [`IngressRouteTCP`](#kind-ingressroutetcp) objects, there never is a need to actually reference it.
     This means that you cannot have two stores that are named default in different Kubernetes namespaces.
-    For the time being, please only configure one TLSStore named default.
+    As a consequence, with respect to TLS stores, the only change that makes sense (and only if needed) is to configure the default TLSStore.
 
 !!! info "TLSStore Attributes"
     ```yaml tab="TLSStore"
@@ -1624,7 +1624,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
     kind: TLSStore
     metadata:
       name: default
-      namespace: default
+
     spec:
       certificates:                            # [1]
         - secretName: foo                      
@@ -1645,8 +1645,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
     kind: TLSStore
     metadata:
       name: default
-      namespace: default
-    
+
     spec:
       defaultCertificate:
         secretName:  supersecret
@@ -1660,16 +1659,14 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
     
     spec:
       entryPoints:
-        - web
+        - websecure
       routes:
       - match: Host(`example.com`) && PathPrefix(`/stripit`)
         kind: Rule
         services:
         - name: whoami
           port: 80
-      tls:
-        store: 
-          name: default
+      tls: {}
     ```
 
     ```yaml tab="Secret"